Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill explicitly instructs the agent to run shell commands and write files into a workspace, but it declares no permissions. That mismatch can bypass user/operator expectations and weakens policy enforcement because a reviewer may assume the skill is non-invasive when it can actually modify the filesystem and invoke external tools.
