Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill declares no permissions, yet its documented behavior clearly invokes shell commands such as `node`, `npm`, `npx`, `bws`, shell loops, and Playwright installation. This creates a mismatch between declared trust boundaries and actual execution capability, which can cause an agent or operator to grant the skill more execution power than expected and increases the risk of command execution, package installation, and network activity without explicit policy review.
