Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill invokes shell scripts but does not declare corresponding permissions, which weakens transparency and safety controls for users and policy engines. Hidden or undeclared shell capability increases the chance that an agent executes local commands or handles sensitive data in ways the user did not explicitly authorize.
