Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill exposes shell-based network capabilities through curl commands but declares no permissions, which creates a mismatch between what the skill appears to do and what it actually enables. This can bypass user or platform expectations around outbound network access and increase the chance that sensitive text or credentials are sent externally without informed consent.
