Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises operational capabilities including environment-variable access, file writes, network calls, and shell execution, but does not declare permissions or present clear guardrails. This creates a transparency and control gap: an invoking agent or user may not realize the skill can persist data locally, use session-scoped identifiers, and call remote endpoints, increasing the chance of unintended data exposure or unsafe execution.
