Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 92%
- Finding: The skill instructs the agent to use shell commands, read repository files, clone external content, and write Markdown/PDF outputs, but it does not declare the permissions or capability boundaries needed for those actions. This is dangerous because it hides meaningful side effects and expands the attack surface for unsafe repo content, unexpected filesystem changes, or shell misuse without explicit governance.
