Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill invokes shell commands and bundled scripts (`bash scripts/install-toolkit.sh`, multiple `scripts/*.sh`) but does not declare permissions or boundaries for code execution. In an agent environment, this can lead to unexpected command execution, package installation, network access, and filesystem changes without explicit user or platform consent.
