Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill advertises substantial capabilities including environment-variable access, file read/write, shell execution, and outbound network communication, but does not declare permissions or constraints for them. In a messaging skill that stores credentials, reads local files for attachments, and sends data to external platforms, this lack of explicit permission scoping reduces transparency and can enable unintended data access or exfiltration if the skill is invoked in a broader agent environment.
