Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill documents shell execution, local file reads/writes, and browser-driven scraping workflows, but declares no permissions. This creates a trust and review gap: operators may invoke a skill with materially broader capabilities than its manifest communicates, increasing the chance of unintended file access, persistence, or command execution.
