Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill advertises and operationalizes network access, file writes, and shell-based execution paths (Docker/python commands) but does not declare permissions. That creates a transparency and governance gap: users or orchestrators may invoke a capability-rich skill without understanding it can access third-party sites, write downloaded content and metadata to disk, and launch tooling that performs those actions. In this context, the risk is elevated because the purpose of the skill is to fetch untrusted remote content from arbitrary URLs across many platforms.
