Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill declares no explicit permissions while instructing use of shell commands, environment variables, OAuth credentials, local token generation, and networked access to Gmail/IMAP. This creates a trust and review gap: operators may approve a seemingly read-only skill without realizing it can access sensitive mailbox data and write authentication artifacts locally.
