Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill instructs the agent to access environment variables, read and write local files, and make network requests, but it does not declare these permissions explicitly. This creates a transparency and consent problem: users and policy layers may not realize the skill can fetch remote data, persist HTML locally, and open files, increasing the chance of unintended data exposure or unsafe execution paths.
