Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill exposes capabilities to write files, invoke shell commands, use environment variables, contact network services, and interact with an MCP server, but it does not declare those permissions up front. That creates a trust and review gap: an agent or user may approve the skill for email access while not realizing it can also modify local configuration, launch Docker, and communicate with arbitrary server URLs.
