Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation instructs the agent to invoke local Python scripts that can read and write configuration files, access environment-derived settings, make network requests to an aria2 RPC endpoint, and execute via shell, yet no explicit permissions are declared. This creates a trust and consent gap: an agent or platform may underestimate the skill’s ability to modify local files, contact arbitrary hosts, and trigger download-related actions, increasing the risk of unintended side effects or SSRF-like access to internal services through configured RPC endpoints.
