Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs use of shell-capable behavior and curl-based API access, but declares no permissions. That creates a transparency and policy-enforcement gap: a user or host framework may assume the skill is passive while it can read local files and perform network requests. In this context, hidden shell capability increases risk because the skill also accesses a bearer token and supports autonomous persistence behavior.
