Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 90%
- Finding: The skill clearly instructs the agent to read an environment secret, write files, execute local scripts, and make network-backed requests, yet no explicit permissions are declared. This creates a governance gap: the runtime may grant powerful capabilities without clear review boundaries, increasing the chance of unintended secret exposure, file misuse, or external data transfer.
