Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill explicitly instructs callers to run local Python scripts, access environment variables, read and write credential files, use network access, and invoke shell commands, yet it declares no permissions metadata. This creates a transparency and policy-enforcement gap: users or orchestrators may approve or execute the skill without understanding that it can access local files and remote services using personal credentials.
