Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill instructs the agent to run a local server, expose it through a Cloudflare Tunnel, read and write workspace files, and invoke shell commands, yet it declares no permissions. This creates a dangerous mismatch between the visible trust boundary and the actual capabilities, making it easier for an agent or reviewer to approve execution without understanding that the skill can exfiltrate or persist sensitive data.
