Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill exposes shell execution, file reads, environment access, and likely networked behavior through an external Python script, but the manifest declares no permissions or constraints. This creates a transparency and trust problem: users and security tooling cannot accurately assess the skill’s capabilities, and the query parameter is forwarded into a shell-invoked command path that interacts with local config and a desktop app.
