Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill explicitly instructs the agent to execute a local shell script (`./audit.sh`) and declares a required binary (`curl`), but it does not declare any corresponding permissions for shell execution or outbound network access. This creates a trust and enforcement gap: the skill can perform command execution and fetch arbitrary URLs while appearing to require no privileges, which increases the risk of unintended command use, SSRF against internal resources, or policy bypass in permission-gated environments.
