Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill advertises broad capabilities including shell commands, environment-variable handling, file reads/writes, and network access, yet declares no permissions. This creates a transparency and governance failure: an agent or reviewer cannot accurately understand the trust boundary before installation or use, increasing the chance of unexpected local system changes, secret access, or outbound data flows.
