Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill describes capabilities that imply shell execution, file read/write, webhook hosting, network access, and integration with external services, yet it declares no permissions or trust boundaries. This mismatch is dangerous because users and the platform cannot accurately assess or constrain what the skill is allowed to do, increasing the risk of over-privileged execution, unsafe deployment, or unnoticed data handling.
