Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill advertises and relies on shell execution and environment variable access, but it does not declare permissions. That creates a transparency and policy-enforcement gap: an agent or reviewer may approve the skill without realizing it can invoke local commands, access secrets such as API keys, and send data externally.
