Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill exercises sensitive capabilities including network access, filesystem reads/writes, shell execution, and environment access, yet the manifest does not declare permissions or clearly scope those powers. In a banking automation context, undeclared capabilities reduce transparency and prevent users or enforcement layers from understanding that the skill can access credentials, session state, downloaded statements, and potentially invoke external tools.
