Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill declares executable tools (`python3`, `bash`) and instructs users to run commands that read models, write adapters, install components, and execute verification scripts, but there is no explicit permission model describing those file and shell capabilities. This creates a trust and containment gap: a caller may invoke the skill expecting documentation-only behavior while the skill can drive filesystem changes and shell execution, increasing the risk of unintended local command execution or modification of user environments.
