Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill invokes shell-capable tooling (`scripts/run.sh`) and declares executable binaries, but does not declare corresponding permissions or clearly constrain filesystem/shell access. This creates a capability transparency gap: the agent may execute local commands and process files beyond what a user would expect from the metadata, increasing the risk of unintended command execution or unauthorized local file access.
