Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises shell-capable behavior such as invoking yt-dlp and ffmpeg, but it does not declare any permissions or execution constraints. This creates a transparency and review gap: users and the platform cannot clearly assess that the skill may run local commands and process attacker-controlled input such as URLs, chapter names, and output paths.
