Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 95%
- Finding: The skill explicitly permits code-backed execution via python3 and describes commands that read from skill folders, write graph artifacts, and invoke a shell-accessible wrapper, but it does not declare corresponding permissions. This creates a trust and containment gap: a runtime or reviewer may assume the skill is low-privilege while it can actually access environment data, read local files, and write output files during build/query/look flows.
