Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documentation describes capabilities that use shell commands, environment variables, network access, and persistent local configuration, but it does not declare permissions accordingly. This is dangerous because users and hosting frameworks may trust the stated scope of the skill while it can exfiltrate content, read env-derived identifiers, and modify local state through hidden or under-declared behaviors.
