Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to execute local Python scripts, read API credentials from environment variables, and make outbound network requests, but it declares no permissions. This creates a capability/permission mismatch: reviewers and runtime policy may not realize the skill can access secrets and external services, which increases the risk of unauthorized data exfiltration, unintended API usage, or unsafe execution if the skill is invoked in a broader context.
