Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill declares no required permissions, but its documented behavior clearly includes shell execution, reading repository files, and writing a git hook into .git/hooks/pre-commit. This mismatch is dangerous because it hides the actual capability surface from users and policy systems, reducing informed consent and making it easier for a seemingly simple skill to modify local repository behavior.
