Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises and instructs use of capabilities including shell execution, network access, environment access, and file reads, yet declares no permissions. This creates a transparency and policy-enforcement gap: users or platforms may treat the skill as lower risk than it actually is, increasing the chance that powerful operations are executed without appropriate review or gating.
