Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation describes capabilities that imply environment access, file read/write, and network use, but it declares no permissions or trust boundaries. This creates a transparency and review gap: operators and users cannot accurately assess what the skill may access, and sensitive data such as API keys or ID-card images could be handled by components with broader capability than expected.
