Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill clearly relies on outbound network access to query api.myquran.com, but the metadata shown in SKILL.md does not declare any permissions. This is a real security governance issue because it hides the skill's actual capability from reviewers and runtime policy systems, even though the destination and purpose appear benign.
