Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares only `Bash` as an allowed tool, but its documented behavior clearly depends on outbound network access and sensitive environment variables. This creates a capability-transparency gap: users and policy systems may not realize prompts, project selections, and conversation state are sent to a remote API, increasing the chance of unintended data exposure.
