Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly expects access to environment variables, local files, and shell command generation/execution, yet it declares no explicit permissions or trust boundary. This creates hidden capability exposure: a user or platform may not realize the skill can read secrets, inspect local files, and produce executable commands that use those secrets.
