Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill metadata understates its effective capabilities: the documentation describes invoking Python scripts, interacting with local files, and potentially downloading and placing an external executable, which implies shell/process execution, file read/write, and network access. This mismatch is dangerous because users and policy engines may grant trust based on a LOW permission profile while the skill can perform materially broader actions.
