Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill documents network and shell-capable operations but does not declare corresponding permissions. This creates a trust and governance gap: users or orchestrators may invoke a skill that can execute local commands and transmit data externally without explicit consent boundaries. In this context, the risk is elevated because the skill processes user-supplied images and can upload outputs to a third-party service.
