Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill explicitly relies on an external API token and shows command examples that invoke a script likely making outbound requests, yet the skill metadata declares only `tools: Bash` and no permissions or network disclosure. This creates a transparency and policy-enforcement gap: agents or users may run a networked skill without clear permission boundaries, which can expose prompts, tokens, or generated content to a third-party service.
