Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill advertises shell execution, environment-variable access, and file read/write behavior, but the metadata shown in SKILL.md does not declare corresponding permissions. In an agent setting, this creates a transparency and policy-enforcement gap: a reviewer or runtime may underestimate what the skill can do, even though the documented interface clearly supports executing local commands, loading secrets, and interacting with local files.
