Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill instructs use of shell commands and access to local secret files, but it declares no permissions. This creates a transparency and least-privilege problem: an agent or reviewer may not realize the skill reads sensitive files like age keys and encrypted credential blobs, then invokes local scripts to process them. In the context of an email-sending skill that handles authentication material, undeclared file_read and shell capabilities are more sensitive than they would be for a purely informational skill.
