Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill clearly directs the agent to execute shell commands, install dependencies, and run a Python script, yet no permissions are declared. This mismatch weakens platform-level consent and review controls because an agent may gain shell capability implicitly rather than through explicit permission disclosure.
