Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 97% confidence
- Finding
- The skill explicitly instructs the agent to invoke a shell wrapper script (`scripts/ensue-api.sh`) while declaring no permissions. That mismatch is dangerous because it can bypass expected capability review and allow command execution paths that are not visible in the manifest, especially if user-controlled content is later interpolated into shell arguments or if the wrapper script behavior changes.
