Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill contains shell command examples that access sensitive system stores and files, but it declares no permissions or equivalent warning/metadata. That mismatch can cause downstream systems or users to underestimate what the skill may prompt them to run, increasing the chance of unsafe execution or review bypass.
