Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 91%
- Finding: The skill instructs the agent to execute a local Python script that has both shell-execution and network-fetching capability, but the skill declares no permissions or trust boundary for those actions. Even though the apparent purpose is legitimate RSS retrieval, this creates an undeclared capability gap: an agent may perform network access and local command execution without explicit user awareness or policy enforcement.
