Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises and includes operational guidance for using environment variables, local scripts, file inputs, network calls, and shell commands, but it does not declare permissions or clearly scope those capabilities. This creates a transparency and governance gap: an agent or reviewer may not realize the skill can access sensitive inputs or perform outbound actions, increasing the chance of unintended data exposure or unsafe execution in permissive environments.
