Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill directs the agent to invoke local Python scripts, save user-provided files, access network URLs, and query cloud APIs, yet it declares no permissions or capability boundaries. This creates a transparency and control gap: a host system may auto-run a skill with filesystem, shell, network, and environment access beyond what users or policy engines expect, increasing the risk of unauthorized data exfiltration or unsafe command execution paths.
