Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill advertises shell-command execution capability through its examples and functionality, but does not declare permissions or constraints for that capability. This is dangerous because an agent may execute arbitrary user-supplied commands in the project root, enabling command injection, destructive filesystem actions, credential exposure, or execution of malicious package scripts without any explicit permission boundary.
