Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill instructs the agent to read and write local files, invoke shell commands, access environment-derived identity state, and call networked APIs, but it declares no permissions or trust boundaries. This mismatch is dangerous because users and the platform may not realize that uploaded files, local defaults, and cloud endpoints are being accessed and persisted, increasing the chance of unintended data exposure or unsafe execution.
