Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 92%
- Finding: The skill instructs users and agents to set and rely on an environment variable (`LYGO_STACK_ROOT`) and to read local files such as `references/SECURITY.md`, registries under `docs/`, and other stack paths, but the metadata does not declare corresponding permissions. This creates a capability/permission mismatch that can mislead operators and security tooling, reducing visibility into what the skill can access and making it easier for a modified or downstream variant to read unintended local paths under the guise of normal operation.
