Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill explicitly instructs users to supply a Neta API token and invoke a script that necessarily makes outbound requests, yet the manifest declares only `tools: Bash` and no corresponding network permission. This creates a capability/permission mismatch that can bypass user expectations and platform safety controls, especially because the skill handles credentials and external data flows.
