Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill invokes bash and a Python script, uses environment variables, reads and persists credentials to disk, and makes outbound network requests, yet no explicit permissions are declared. This creates a transparency and containment gap: the runtime may grant broader capabilities than users or reviewers expect, increasing the risk of secret handling and command execution abuse.
