Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly instructs the agent to execute local shell scripts via bash, yet the metadata does not declare corresponding permissions or execution capabilities. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill can invoke shell commands and networked tooling, weakening sandboxing and trust decisions.
