Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill instructs use of both shell execution and network access, including passing a Zotero API key on the command line and making requests to external services. Because no permissions are explicitly declared, users and policy systems may not get an accurate warning about these capabilities, increasing the chance of unintended execution with sensitive credentials or outbound data transfer.
