Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documentation clearly instructs use of shell commands and references reading and writing task files under fixed workspace paths, yet no permissions are declared. This creates a trust and enforcement gap: an agent or platform may invoke filesystem and shell-capable behavior without explicit user-visible authorization boundaries, increasing the chance of unintended command execution or task data modification.
