Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill instructs the agent to install packages, invoke a local Python script, inspect common directories for templates, and use shell-based tooling like npm, mmdc, textutil, or libreoffice, which clearly implies shell, file read/write, and environment access despite no declared permissions. This creates a permission-transparency gap: users and policy layers may treat the skill as low-risk while it can execute local commands and modify files, increasing the chance of unintended command execution or filesystem access.
