Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill advertises executable scripts and repository-modifying operations (file_read, file_write, shell) but declares no permissions. This creates a transparency and consent failure: a user or host may invoke a skill expecting lightweight conversational behavior while it can read, rewrite, and audit repository contents via shell-driven workflows.
