Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill invokes a shell wrapper script (`{baseDir}/scripts/ensue-api.sh`) but does not declare permissions for shell execution. This creates a capability/permission mismatch that can bypass expected trust and review boundaries, especially because the script accepts JSON arguments derived from user content and can perform create, update, and delete operations against the knowledge base.
