Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill instructs use of local files, shell commands, and outbound network/API operations, but it does not declare any permissions or capability boundaries. This is dangerous because users and platforms cannot accurately assess or constrain what the skill can access, increasing the chance of unintended file access, secret exposure, or uncontrolled external calls during execution.
