Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly directs the agent to invoke shell scripts, tmux commands, and external GitHub-hosted tooling, yet it declares no explicit permissions or safety boundaries. This creates a capability mismatch where operators may underestimate that the skill can execute commands and interact with networked/local resources, increasing the chance of unsafe deployment.
