Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill invokes a networked API and consumes environment-provided secrets, but the skill manifest does not declare those capabilities. This weakens platform oversight and informed consent because users and tooling cannot clearly see that the skill will access env secrets and make outbound requests.
