Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill advertises and documents capabilities to read environment variables, scan files, write reports, execute shell commands, and perform network egress, but no declared permissions are present. This creates a transparency and consent gap: a user or platform may invoke a high-privilege skill without clear authorization boundaries, increasing the risk of secret exposure or unintended outbound transmission.
