Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises executable shell scripts (`check.sh` and `generate.sh`) and network-backed behavior, but no explicit permissions or safety boundaries are declared. This can cause the host agent or user to invoke shell capabilities unexpectedly, increasing the risk of command execution and unintended external calls in environments that rely on declared permissions for trust decisions.
