Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill declares required binaries and sensitive environment variables and describes local file caching and shell-based execution, but it does not declare explicit permissions for those capabilities. This weakens the trust boundary for the agent/operator because the skill can access secrets, read/write local files, and invoke external commands without a clear permission contract.
