Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill documentation indicates use of environment variables and outbound network access, but it declares no permissions or capability disclosures. This creates a transparency and governance gap: users and reviewers may not realize the skill can access API keys and transmit data externally, which is especially relevant because it processes portrait photos.
