Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 80% confidence
- Finding
- The skill advertises tool usage that implies network and shell-capable operations such as package installation, browser setup, and CLI invocation, but it does not declare corresponding permissions. That creates a transparency and governance gap: an agent may select or trust the skill as informational while it can actually drive environment-changing or networked actions.
