Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly instructs the agent to read environment variables and secrets files, modify files in the workspace and home directory, and write shell profile changes, but those capabilities are not declared in a permissions model. This creates a transparency and least-privilege problem: a user may expect a planning/analysis skill while it can read secrets and persist host-side changes.
