Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 74% confidence
- Finding
- The skill declares shell-based usage and update commands but does not declare any corresponding permissions, creating a mismatch between documented capabilities and the security model. This can cause an agent or operator to invoke shell tooling without explicit authorization boundaries or review, increasing the chance of unsafe execution paths.
