Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill advertises shell, file read, and file write capable behavior via yt-dlp usage but does not declare any permissions. Undeclared execution and filesystem capabilities reduce transparency and can bypass policy or user expectations, increasing the risk of unsafe command execution, unintended file access, or unsafe artifact handling if the skill is later implemented or invoked automatically.
