Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill explicitly directs the agent to execute Node.js scripts that perform real COS operations and likely rely on environment-provided credentials, yet the manifest declares no corresponding permissions. This creates a permission-model gap: reviewers and policy enforcement may underestimate that the skill can access secrets from the environment and perform cloud actions, increasing the risk of unintended data access or destructive storage operations.
