Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documents direct shell-script execution and access to local files and environment variables, but it does not declare permissions to reflect those capabilities. This creates a trust and policy-enforcement gap: an agent or reviewer may underestimate that the skill can read local secrets, invoke scripts, and modify local state.
