Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill instructs the agent to discover a local directory, install dependencies, and run a Python script while also relying on network access, yet it declares no permissions. That mismatch is dangerous because it hides the true execution and data access surface from users and reviewers, making arbitrary code execution and outbound requests occur without clear consent or sandbox expectations.
