Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documentation clearly directs the agent to execute a local Python script that invokes a Quake CLI binary and writes CSV/RAW output files, yet no permissions are declared. This creates a capability/permission mismatch: a user or platform may not realize the skill can spawn shell processes and write files, which increases the risk of unintended command execution, unsafe binary use, or overwriting local data.
