Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 77% confidence
- Finding
- The skill advertises operational capabilities that inherently require network access and likely shell/code execution via curl or Node.js, but it does not declare any permissions or safety constraints. This creates a transparency and governance gap: an agent may invoke outbound requests or local commands without the user or platform having an explicit permission model to review or enforce, which can lead to unintended external communication or command execution.
