Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill documentation instructs the agent to execute shell commands, read from user-supplied paths, and write output files, but no permissions are declared. This creates a trust and containment gap: an orchestrator or reviewer may assume the skill is low-privilege while it can actually access the filesystem and invoke package installers or other shell-based tooling.
