Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill directs the agent to read secrets from the local environment and generate files, but it does not declare those capabilities up front. Undeclared access to env and file-write expands the trust boundary invisibly and can surprise users or hosting platforms, increasing the risk of secret exposure or unintended local file creation.
