Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill instructs the agent to run a shell installation script when `opencli` is missing, but the manifest does not declare shell or installation-related permissions. That creates a hidden capability escalation path: a document presented as guidance can trigger arbitrary system modification and process control without explicit user expectation or permission gating.
