Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 78% confidence
- Finding
- The skill declares no permissions, yet its documented behavior implies access to environment capabilities and execution of scripts that may rely on local environment data. This creates an authorization and transparency gap: users and hosting platforms cannot accurately assess what capabilities are needed before the skill runs.
