Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly instructs the agent to use shell commands, read and write vault files, and consume environment variables, yet it declares no explicit permissions boundary. That mismatch is dangerous because an orchestrator or reviewer may treat the skill as lower-risk than it is, while the documented workflows enable filesystem edits, Git operations, and command execution on the host.
