Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs the agent to use environment variables, read files from the knowledge base, write JSON result artifacts, and access the network, yet the metadata does not declare corresponding permissions. This creates a permission-transparency gap: reviewers and policy enforcement may underestimate the skill’s capabilities, and a compromised or modified skill could leverage those undeclared capabilities to access sensitive repo data or exfiltrate information via web requests.
