Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill instructs the agent to access environment variables for API keys and execute shell commands, but it does not declare any permissions for those capabilities. This creates a trust and sandboxing gap: a caller or platform may underestimate the skill's access needs, and the shell capability especially increases the risk of command misuse if later combined with untrusted input or modified scripts.
