Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill clearly performs networked scraping against Facebook and GraphQL endpoints, yet no declared permissions are shown. Hidden or undeclared network capability reduces transparency and weakens policy enforcement, making it easier for a caller or platform to invoke data collection behavior without an explicit trust decision.
