Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill directs use of environment variables, local file reads/writes, network access, and shell-based Python scripts, but it does not declare these permissions explicitly. This weakens user and platform visibility into the skill's effective privileges, increasing the risk of overbroad access and unsafe execution in environments that rely on declared permissions for policy enforcement.
