Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill instructs the agent to execute a local Python helper that performs network access and uses a temp cache, but the skill metadata does not declare corresponding permissions. This creates a capability/consent mismatch: an installer or host may treat the skill as low-risk while it can read environment context, access files, write cache files, and fetch remote content during use.
