Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs the agent to launch a Python script and access Firebase, which implies shell execution and network access, but no permissions are declared. This creates a governance and sandboxing gap: the agent may run capabilities the user or platform has not explicitly authorized, increasing the risk of unintended command execution or external data access.
