Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill invokes shell commands to generate a share URL and analyze the screen, but it does not declare corresponding permissions or execution boundaries. Hidden or undeclared code-execution capability reduces transparency and makes it easier for a user or host system to authorize screen capture and local command execution without understanding the full trust implications.
