Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill clearly instructs the agent to execute shell commands, but the metadata does not declare corresponding permissions. This creates a trust and review gap: an operator may approve or install the skill without understanding that it launches a background updater, reads local config, modifies installed software, and restarts services.
