Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documents broad capabilities including environment-variable credential intake, file operations, and network access, yet declares no permissions or trust boundaries. In an agent setting, this under-specification is dangerous because operators may invoke a highly privileged admin client without realizing it can read secrets from the environment and perform destructive remote actions.
