Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill instructs the agent to run shell commands and create or modify files (`init_skill.py`, `ima_skill_create`, and `file_edit`) but does not declare permissions or constraints for those capabilities. This creates a real safety gap because a broadly triggered skill could perform filesystem writes and command execution without explicit scoping, increasing the chance of unintended or unsafe actions.
