Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill instructs users to run shell scripts, read environment variables and files for credentials, write tokens and credential files, and access the network, but it does not declare those permissions up front. This weakens informed consent and makes the real security boundary of the skill less visible to users and reviewers, especially because it handles secrets and persistent OAuth tokens.
