Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill documents and encourages capabilities that touch environment variables, local files, network access, and shell execution, but it does not declare permissions or safety boundaries for those actions. This creates a transparency and consent gap: an agent or user may invoke behavior with broader effects than expected, including reading credentials, uploading files, or writing local state.
