Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 79% confidence
- Finding
- The skill advertises multiple shell-capable helper scripts and mentions semantic search, but it does not declare the permissions or capabilities those operations require. Undeclared shell and possible network behavior weakens transparency and policy enforcement, making it easier for a caller to invoke filesystem-changing or externally connected actions without informed approval.
