Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- The client spawns an MCP server subprocess and forwards nearly the entire parent process environment into it, only filtering out undefined values. Environment variables commonly contain API keys, cloud credentials, tokens, and other secrets, so any configured MCP server gains access to more sensitive data than is required for basic client connectivity. In the context of an agent skill that may connect to third-party or untrusted MCP servers, this materially increases the risk of credential theft and unintended privilege expansion.
