Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to use powerful capabilities including shell, network, file read/write, and environment-backed authentication flows, but no explicit permission declaration or capability scoping is present. In a long, tool-oriented skill like this, missing permission boundaries increases the chance of unintended command execution, data exposure, or unsafe file/network access if the skill is invoked in the wrong context or influenced by adversarial user input.
