Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill uses sensitive capabilities—environment secret access, network-backed API retrieval through the CLI, and file output/redirection—without declaring permissions or clearly constraining their use. This weakens user awareness and policy enforcement, especially because the skill handles health data and references secrets files and HTML report generation.
