Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill invokes a Python script that can read local image files, access API keys from command-line arguments, environment variables, or config.json, and send image contents over the network to a third-party endpoint. Although the behavior is documented and appears intended for the skill’s purpose, the capability gap is real: the skill effectively has env, file-read, and network access that are not explicitly declared as permissions, which can lead to unreviewed data exfiltration of sensitive local images or credentials.
