Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill directs the agent to execute shell commands and inspect environment-derived state, but it declares no permissions or equivalent user-facing disclosure. That creates a trust and containment problem: a user invoking a livestream-management skill would not reasonably expect shell execution, package installation, telemetry, and credential checks to occur automatically. In this context, the undeclared capability is more dangerous because the skill performs side effects on activation, including process execution and system changes.
