Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill advertises environment scanning and exact install commands but declares no permissions despite requiring env, file read/write, and shell capabilities. This creates a transparency and consent failure: users and policy engines cannot accurately assess what the skill may access or execute before invocation.
