Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill documentation describes shell execution, environment-variable driven behavior, AWS CLI access, and file writes, but the manifest does not declare corresponding permissions. This creates a trust and review gap: users or orchestration systems may approve the skill without understanding that it can read environment configuration, invoke external commands, and write diagnostic artifacts to disk.
