Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises shell, file read, environment variable, repository modification, dependency installation, and AI-backend transmission behaviors, but the metadata does not declare corresponding permissions. This creates a trust and consent gap: a caller may invoke the skill without realizing it can read local files, access API keys, run commands, install packages, modify git repositories, and send repository contents to external services.
