Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill declares no explicit permissions, yet its documented behavior clearly depends on environment variables, local file access, network communication to Redis, and shell/CLI execution. This weakens the trust boundary for users and reviewers because the skill appears narrower and safer than it actually is, increasing the chance of unintended deployment with more capability than expected.
