Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill invokes a local Python CLI, can read environment variables, and makes outbound network requests, yet these capabilities are not explicitly declared as permissions. This weakens reviewability and user consent because a supposedly simple data skill actually has shell, env, and network reach, increasing the chance of unnoticed data exfiltration or unsafe command execution in a broader agent environment.
