Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documentation instructs users to run local scripts that use network, shell, environment access, and file output, but it does not declare any corresponding permissions or capability boundaries. This creates a transparency and least-privilege problem: an agent or user may invoke the skill without understanding that it can access external services and write files, increasing the chance of unsafe execution in a broader automation environment.
