Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 85% confidence
- Finding
- The skill declares operational shell capability via `curl` in metadata but does not expose any explicit permission boundary or user-consent mechanism in the skill file. This creates a real risk that an agent can initiate outbound network actions from shell without a clearly declared execution scope, increasing the chance of unintended API calls or misuse in environments that rely on declared permissions for policy enforcement.
