Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill instructs use of environment variables and shell commands to access an external API, but the skill metadata does not declare corresponding permissions. That creates a permission-model mismatch: an agent may invoke shell or read secrets without transparent capability disclosure, which weakens reviewability and can enable unintended secret access or command execution paths.
