Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 86%
- Finding: The skill clearly instructs the agent to use shell-capable Docker and Bash commands, yet the document shows no explicit permission declaration or safety boundary for those capabilities. In an agent setting, undocumented shell access increases the chance of executing impactful host-level operations without appropriate consent, review, or sandboxing.
