Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares environment-variable use and file-related behavior but does not declare explicit permissions or capability boundaries. This can mislead operators and downstream agents about what the skill can access, increasing the chance of overbroad execution in environments that rely on manifest metadata for trust decisions.
