Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 94%
- Finding: The skill explicitly instructs the agent to run local scripts, edit files, delete generated content, and package artifacts, which implies shell, file read, and file write capabilities. Because no permissions are declared, the skill asks for privileged actions without transparent scoping, increasing the chance of overbroad execution and unsafe tool use in environments that rely on declared permissions for policy enforcement.
