Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 94%
- Finding: The skill documentation instructs use of environment variables, shell profile reads, temporary file writes under /tmp, and outbound API access, yet no explicit permissions are declared. That mismatch is dangerous because an agent may be induced to access sensitive local configuration files or environment secrets and perform network actions without transparent user consent or sandbox enforcement. The context increases risk because the skill explicitly describes fallback behavior that reads shell startup files and persists API responses to disk.
