Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill instructs the agent to execute shell commands that can initialize repositories, create remotes, push commits and tags, and manipulate local project state, but it declares no permissions. This creates a dangerous mismatch between the skill's documented capabilities and the authority it expects, reducing transparency and increasing the risk of unexpected code execution and repository modification.
