Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill invokes a bundled script that can read environment variables, read and write local files, make network requests, and execute via shell commands, yet those capabilities are not declared in the skill metadata. This creates a transparency and consent problem: operators may authorize a seemingly simple read-only news skill without realizing it can persist credentials locally and perform state-changing actions against the Miniflux API.
