Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill documentation instructs the agent to execute a local Python script and acknowledges use of environment variables and external network access, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users or hosting platforms may approve the skill without realizing it can invoke shell commands, read env-derived secrets, and make outbound requests.
