Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill invokes shell commands, reads configuration, and modifies `references/devices.yaml`, but declares no permissions. That creates a trust and policy gap: a host system or reviewer may treat the skill as low-risk while it can actually execute commands and persistently alter device mappings. In a skill that can wake hosts and manage stored network identifiers, undeclared capabilities increase the chance of unauthorized execution or insufficient sandboxing.
