Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 91%
- Finding: The skill embeds substantial shell execution guidance but does not declare corresponding permissions, which weakens platform-level control and transparency around what the skill can do. In practice this can let a broadly-triggered skill run local shell commands that read files, write credentials, and invoke external services without an explicit permission boundary.
