Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill instructs the agent to access external documentation, query public skill hubs, search GitHub/community sources, and references custom automation via Python/Bash, which implies network and shell-capable behavior. Because these capabilities are not explicitly constrained or permission-scoped in the skill contract, the agent may perform higher-risk actions than a user expects, increasing the chance of unsafe execution paths or abuse if the skill is triggered unexpectedly.
