Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly instructs use of shell commands and external tooling (`git`, `node`, `npm`, `python3`, cron scripts) but does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: an operator or platform may treat the skill as lower risk than it is, while it can still modify local state, clone repositories, and submit data over the network.
