Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 79% confidence
- Finding
- The skill advertises shell-based handler usage and requires `jq`/`curl`, but does not declare corresponding permissions or execution capabilities. This creates a transparency and governance gap: users or hosts may invoke a skill that can access the shell and network without clear permission boundaries, increasing the chance of unintended command execution or data access if the implementation is unsafe.
