Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation advertises executable monitoring scripts, cron jobs, .env-based secret loading, local file generation, and external API use while declaring no permissions. This creates a trust and consent gap: an agent or reviewer may treat the skill as low-risk content guidance, but it actually implies shell, filesystem, environment, and network capabilities that can access secrets, write artifacts, and call third-party services.
