Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill invokes shell commands, accesses the network, and appears to read/write files, but it declares no corresponding permissions or user-visible warnings. This creates a transparency and consent gap: a user may trigger network requests or persistent file creation without understanding the skill’s effective capabilities.
