Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares access to environment variables, file reads, and network behavior, but does not expose an explicit permission model to constrain or communicate that access. In practice, this increases the risk of over-privileged execution and makes it harder for reviewers or runtime controls to verify that sensitive resources such as memory files and API-backed network actions are limited to the minimum necessary scope.
