Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill performs file reads/writes and outbound network access but does not declare those capabilities as permissions. This undermines transparency and consent, especially because the workflow stores local configuration files and sends data to an external API. In a security-sensitive agent environment, hidden capabilities materially increase risk.
