Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 92% confidence
- Finding: The skill documentation instructs users to run local Python scripts, invoke the Whisper CLI, read input files, write outputs under /tmp, and execute a shell command that inlines file content into another command. Those are real code-execution and file-access capabilities, but no permissions are declared, which weakens sandboxing, review, and user awareness. In this finance-oriented workflow, the combination of shell, file read, and file write is expected functionally, but it still increases risk because the skill processes local data and generates publishable documents that could expose sensitive financial information if misused.
