Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill instructs the agent to run shell commands (`bash scripts/join.sh`) and perform networked registration, but it declares no permissions or equivalent safety boundaries. This is dangerous because a user invoking what appears to be an informational/religious skill could trigger code execution without an explicit capability declaration, reducing transparency and policy enforcement.
