Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill invokes a local Python helper through shell commands but does not declare any corresponding permissions, creating a mismatch between documented behavior and the security model. Even though the demonstrated commands appear narrowly scoped to a local SQLite job tracker, undeclared shell capability increases risk because an agent may execute commands without clear user or platform consent boundaries.
