Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill instructs the agent to execute local Python scripts that read user files, write outputs, access environment variables, persist auth tokens, and make network requests, yet it declares no permissions. That mismatch undermines informed consent and sandbox policy enforcement: users and the platform cannot accurately assess that the skill will upload local data and store credentials locally before use.
