Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill invokes a local Python script via Exec/shell-like capability but does not declare any corresponding permission boundary. This creates a mismatch between what reviewers/users can infer from the manifest and what the skill can actually do, increasing the risk of undisclosed command execution and unsafe access to local resources.
