Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill declares only Read/Write/Bash in metadata, yet its documented behavior explicitly fetches data from Stock Analysis and QVeris, which implies network access. This permission/behavior mismatch is dangerous because it undermines operator expectations and can conceal external data exfiltration, unexpected outbound requests, or use of undeclared capabilities during execution.
