Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill declares no permissions while clearly instructing use of scripts that perform network access, local file interaction, and likely environment-dependent behavior. This creates a transparency and consent gap: an agent or reviewer may underestimate the skill's operational reach and allow actions that touch local paths, probe services, and send cloud folder tokens over HTTP APIs.
