Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill invokes a shell-based login helper but does not declare shell capability/permissions. That creates an undeclared execution surface and prevents proper policy gating or user review of what the skill can run. In a security-sensitive environment, hidden shell execution is risky even if used only for authentication.
