Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly instructs execution of a Python script, use of environment variables, browser access, and direct shell commands, yet it declares no permissions or trust boundaries. This creates a transparency and policy-enforcement gap: users and the hosting agent may invoke capabilities involving network access, local file reads (for env/config), and shell execution without explicit disclosure or gating.
