Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill advertises or implies operational capabilities such as file access and shell/script execution, but does not declare permissions or provide clear constraints. This creates a transparency and governance gap: users and platform controls may not realize the skill can run local scripts that read configuration or manipulate data, increasing the risk of unintended execution paths and unauthorized access.
