Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises operational capabilities that include environment access, file reads, network access, and shell usage, but it does not declare permissions or constraints for those behaviors. That creates a trust and review gap: an agent or user may invoke a tool that can inspect local repositories, read tokens from the environment, and execute git or other shell commands without an explicit capability declaration or minimization boundary.
