Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill instructs the agent to create a virtual environment, install packages, execute Python scripts, use network-backed providers, and maintain a local cache/watchlist, yet it declares no explicit permissions. This creates a trust-boundary problem: a reviewer or runtime may underestimate that the skill can read/write local state, make outbound requests, and invoke shell commands, increasing the chance of unintended execution or data exposure.
