Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documents and encourages use of file read/write, shell execution, and MCP connectivity, but its metadata declares no corresponding permissions or safety boundaries. This creates a capability/permission mismatch that can cause downstream systems or users to invoke powerful local and remote actions without explicit review, increasing the chance of unsafe execution.
