Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documentation describes capabilities to read environment variables, write files under the current working directory, invoke Python scripts, and make proxied network requests, yet no explicit permission declaration is present. This creates a transparency and policy-enforcement gap: users or hosting frameworks may not realize the skill can access secrets, persist potentially sensitive API responses locally, and reach external services through shell-invoked scripts.
