Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 73% confidence
- Finding
- The skill declares required environment variables and a Python runtime, and its documented behavior clearly implies outbound network access, but it does not declare explicit permissions boundaries for those capabilities. This can lead to under-scoped review and user misunderstanding about what the skill may access or transmit, especially since it handles external search and URL extraction.
