Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 78% confidence
- Finding
- The skill documentation references environment-based configuration for MongoDB despite not declaring corresponding permissions or clearly scoping that capability in the manifest. Hidden or undeclared access to environment variables increases the risk of over-privileged behavior and makes it harder for users or platforms to assess what sensitive data the skill may access.
