Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill documents substantial shell-script execution capabilities but does not declare permissions or clearly bound what commands may run. In an installer skill, hidden shell capability increases the risk of unsafe execution paths, especially because later sections describe persistence and environment modification.
