Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to run local Python scripts, read and write files, and invoke shell commands, but it does not declare any permissions or constraints for those capabilities. This creates a transparency and policy gap: an orchestrator or user may trigger code execution and filesystem access without clear consent boundaries, increasing the risk of unintended command execution or data access if the scripts or inputs are unsafe.
