Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill invokes shell commands for installation and execution (`npm install`, `npx`, `playwright install`) but does not declare any permissions or trust boundaries for doing so. This creates a real security gap because installing and launching external packages can execute arbitrary code from the package supply chain and start a browser automation service with broad interaction capabilities.
