Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill instructs use of environment variables and shell commands but does not declare corresponding permissions, which can hide its true operational scope from users and policy enforcement. In an agent setting, undeclared shell/env access increases the chance that sensitive values such as private keys are accessed or transactions are initiated without adequate review.
