Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises direct Docker management operations and includes example commands implying shell execution, but declares no explicit permissions or safety boundaries. In practice, Docker access is highly privileged and can enable container inspection, filesystem access via mounts, image execution, and host-impacting operations, so omitting permissions makes the trust boundary unclear and dangerous.
