Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill documents shell-based network operations but does not declare corresponding permissions, creating a capability/permission mismatch. This is dangerous because an agent may be allowed to execute external API calls, create accounts, manage automation, and affect third-party systems without transparent user consent or proper policy enforcement.
