Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill advertises an executable shell script (`scripts/benchmarks.sh`) and real API access, but no corresponding permissions or safety boundaries are declared. This creates a mismatch between documented capabilities and the trust model, increasing the risk that an agent could invoke shell/network behavior unexpectedly or without informed user consent.
