Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 95%
- Finding: The skill instructs the agent to use local scripts, persist API responses to disk, read projected fields back from files, and call external APIs, which implies shell, file read/write, network, and possibly environment access despite no declared permissions. This creates a capability/permission mismatch that weakens reviewability and can enable unintended data exposure or broader-than-expected execution in environments that rely on declared permissions for enforcement.
