Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill inspects environment variables and CLI availability, which is a form of environment access, but it declares no corresponding permissions or trust boundary information. That mismatch can mislead users and higher-level tooling about what the skill observes, increasing the risk of unreviewed disclosure of local system state.
