Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documents shell-capable behavior such as process management, git operations, and background execution, yet it declares no permissions or equivalent trust boundary information. This is dangerous because users and orchestration systems may treat the skill as low-risk while it can modify workspace state and persist processes on the host.
