Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 88%
- Finding: The skill instructs use of a local CLI/daemon and bundled scripts that imply shell execution, file read/write, environment access, and likely networked part/library operations, but it declares no permissions or capability boundaries. This creates an authorization and transparency gap: an agent may perform powerful local actions without explicit user-visible consent or sandbox expectations, increasing the risk of unintended file changes, command execution, or data exfiltration in a sensitive design environment.
