Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill requires highly sensitive environment variables and also persists Azure credentials locally, yet it does not clearly declare a permission model to make that access explicit to users or the hosting platform. This creates a transparency and governance gap that can lead to over-trusting the skill and mishandling tenant-wide credentials.
