Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill repeatedly instructs the host agent to execute shell commands such as `run.sh doctor`, `run.sh status`, `curl /api/user`, and other state-changing operations, yet no declared permissions are present. This creates a trust-boundary problem: a caller or platform may treat the skill as low-privilege while it actually requires command execution and network access, increasing the chance of unexpected execution, unsafe approval UX, or deployment in environments that did not intend to allow those capabilities.
