Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill advertises operational capabilities that include reading files, invoking git via shell, accessing environment variables, and making network requests, but it declares no permissions to make those powers explicit. This creates a transparency and consent gap: an agent or user may authorize the skill without understanding that it can access local repositories, read tokens from the environment, and contact external services.
