Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill exercises sensitive capabilities including local file reads of %TEMP%/vpup.json, token handling via environment/config, network access, shell/process invocation, and local file writes, yet declares no explicit permissions boundary beyond prose in the document. Relying on descriptive text instead of enforceable permissions increases the chance that the skill is loaded or executed with broader access than reviewers or users expect.
