Lethal by Design

Your AI agents are under attack and you can't see it happening.

We analyzed 200+ of the most popular MCP servers and agent Skills in production. 

What we found should change how you think about agentic AI risk.

The attack surface your tools aren't seeing

MCP servers and Skills do more than just extend your agents in different ways. They introduce risk at completely different layers.


And only one of those layers leaves a trace.


Noma research found that 76% of MCP servers carry high-risk capabilities, 1 in 4 expose arbitrary code execution, and that’s only the half your tooling can see. 62% of Skills carry risky characteristics with no audit trail at all.


When risk from both layers collides, common tools become complete attack chains. Credentials silently exfiltrated. CRM records weaponized against your own agents. Production databases deleted, with no attacker involved at all.


Lethal by Design maps exactly how it happens, and introduces the No Excessive CAP framework: continuous governance of agent Capabilities, Autonomy, and Permissions, the three dials you actually control, regardless of how the attack gets in.
