Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill instructs users to run a Python script that consumes an API key and writes parsed output to disk, but the manifest does not declare corresponding permissions or capabilities. This creates a transparency and policy-enforcement gap: agents or reviewers may treat the skill as low-risk while it actually accesses secrets from the environment/CLI and performs file writes.
