Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 75% confidence
- Finding
- The skill manifest declares no required binaries or permissions, yet the documented behavior and static analysis indicate shell-capable actions. This creates a trust gap: operators may approve or run the skill under the assumption it is passive detection logic when it may invoke command execution paths or installation/setup behaviors.
