Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares only allowed tools but no explicit permissions, while its documented behavior clearly requires environment access, filesystem reads/writes, shell execution, and network communication. This gap weakens policy enforcement and user awareness, increasing the chance that a caller invokes a skill with broader capabilities than the manifest transparently communicates.
