Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill instructs the agent to execute a local Python script from the markdown-defined workflow, which constitutes shell/code execution capability, but no corresponding permissions are declared. That mismatch weakens the platform's trust and containment model because a user-facing skill can trigger command execution without explicit disclosure or gating, increasing the risk of unintended command use or abuse if inputs are not tightly constrained.
