Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill invokes shell execution (`bash`, `curl`, `python3`) and instructs the agent to run `exec bash scripts/transcribe_douyin.sh` using user-influenced input, but no explicit permission model is declared beyond metadata requirements. This weakens security boundaries and increases the chance of unsafe command execution or privilege creep, especially if the wrapper script is later modified or handles quoting incorrectly.
