Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill clearly directs the agent to use shell commands and outbound network access (`curl`, `python3`) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host system may load the skill without understanding that it can transmit user queries and interact with external infrastructure.
