Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill uses environment variables and makes outbound network requests, but does not declare explicit permissions beyond runtime requirements. This weakens least-privilege controls and makes it harder for a host platform or reviewer to understand and constrain what the skill can access or transmit.
