Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill invokes shell scripts for installation and transcription, but it does not declare corresponding permissions. That creates a trust and policy gap: users or orchestrators may treat the skill as lower risk than it is, while it can download and execute external binaries and process local files via shell commands. In this context, the danger is increased because installation explicitly pulls artifacts from GitHub Releases and HuggingFace, expanding supply-chain exposure.
