Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 91%
- Finding: The skill instructs the agent to use a sensitive environment variable (`GITHUB_TOKEN`) and performs network operations against GitHub, but it does not explicitly declare the permissions or capabilities it needs. This is a real least-privilege governance gap: an agent or user may invoke the skill with broader access than intended, and token misuse, unintended repository writes, issue closure, branch deletion, or workflow dispatch become harder to constrain and audit. An explicit declaration of the secrets, hosts, and token scopes the skill requires lets the caller provision a token limited to those scopes and lets a reviewer check the token actually supplied against what was declared.
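The check a reviewer would want for this finding, as an added example (not code from the scanned skill or from any MCP project): a small linter that compares the secrets and hosts a skill actually references against an explicit `permissions` block. The manifest shape (`instructions`, `scripts`, `permissions.env`, `permissions.network`, `permissions.scopes`), the list of sensitive variable names, and the two sample manifests are all assumptions made for this example.

```python
"""Least-privilege lint for an agent skill manifest (added example).

The manifest shape and the sensitive-variable list below are assumptions
made for this example; they are not the format of any particular MCP project.
"""
import json
import re
from dataclasses import dataclass

# Environment variables whose use must be declared (assumed list).
SENSITIVE_ENV = frozenset({
    "GITHUB_TOKEN", "GH_TOKEN", "NPM_TOKEN", "PYPI_TOKEN",
    "AWS_SECRET_ACCESS_KEY", "OPENAI_API_KEY",
})

UPPER_IDENT_RE = re.compile(r"\b[A-Z][A-Z0-9_]{2,}\b")  # catches $VAR, ${VAR}, os.environ["VAR"]
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")        # host part of any URL in the text


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def referenced_secrets(text: str) -> list[str]:
    """Sensitive env vars mentioned anywhere in the skill text or its scripts."""
    return sorted(set(UPPER_IDENT_RE.findall(text)) & SENSITIVE_ENV)


def referenced_hosts(text: str) -> list[str]:
    """Hosts the skill tells the agent (or a bundled script) to contact."""
    return sorted(set(HOST_RE.findall(text)))


def lint_skill(manifest: dict) -> list[Finding]:
    """Compare what the skill uses with what it declares; empty list means clean."""
    text = "\n".join([manifest.get("instructions", ""), *manifest.get("scripts", [])])
    perms = manifest.get("permissions") or {}
    declared_env = set(perms.get("env", []))
    declared_hosts = set(perms.get("network", []))
    scopes = perms.get("scopes") or {}

    findings: list[Finding] = []
    for var in referenced_secrets(text):
        if var not in declared_env:
            findings.append(Finding("undeclared-secret",
                                    f"{var} is used but not listed in permissions.env"))
        elif not scopes.get(var):
            # Declared but unscoped: the caller still cannot mint a least-privilege token.
            findings.append(Finding("unscoped-secret",
                                    f"{var} is declared without the token scopes it needs"))
    for host in referenced_hosts(text):
        if host not in declared_hosts:
            findings.append(Finding("undeclared-network",
                                    f"{host} is contacted but not listed in permissions.network"))
    return findings


# Constructed sample manifests for the example; the first reproduces the gap in
# the finding above, the second is the same skill with an explicit declaration.
UNDECLARED_SKILL = json.loads("""{
  "name": "repo-triage",
  "instructions": "Authenticate with $GITHUB_TOKEN and call https://api.github.com to close stale issues.",
  "scripts": ["gh api -X POST repos/$OWNER/$REPO/actions/workflows/ci.yml/dispatches"]
}""")

DECLARED_SKILL = json.loads("""{
  "name": "repo-triage",
  "instructions": "Authenticate with $GITHUB_TOKEN and call https://api.github.com to close stale issues.",
  "scripts": ["gh api -X POST repos/$OWNER/$REPO/actions/workflows/ci.yml/dispatches"],
  "permissions": {
    "env": ["GITHUB_TOKEN"],
    "network": ["api.github.com"],
    "scopes": {"GITHUB_TOKEN": ["issues:write", "actions:write"]}
  }
}""")


if __name__ == "__main__":
    for label, skill in (("undeclared", UNDECLARED_SKILL), ("declared", DECLARED_SKILL)):
        print(label, [f.rule for f in lint_skill(skill)])
```

The `unscoped-secret` rule is the part that matters most for this finding: listing `GITHUB_TOKEN` is not enough on its own, because without declared scopes the caller still has to hand the skill whatever token it happens to have, and the write, delete and dispatch operations named above remain uncontrolled.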
