Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill clearly relies on shell execution and environment-variable access (`curl`, `jq`, sourcing shell scripts, reading credentials from env/files), yet no explicit permissions are declared. This creates a transparency and policy gap: users or the hosting agent may invoke code-capable behavior without a clear permission boundary, increasing the chance of unintended credential use and network actions.
