Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill directs the agent to read files, set environment variables, write into an Obsidian vault, invoke shell scripts, and use network-backed enrichment, yet it declares no explicit permissions. This mismatch weakens the trust boundary and can cause users or orchestration systems to authorize a skill they believe is low-privilege when it can actually perform broad local and external actions.
