Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill invokes scripts that perform network access, environment manipulation, and file writes, but it does not declare these capabilities as permissions. This creates a transparency and governance gap: users or hosting systems cannot accurately assess or constrain what the skill will do before execution, increasing the risk of unintended data access, uncontrolled outbound connections, or unexpected filesystem changes.
