Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documentation indicates use of environment variables and outbound network access, but the skill does not explicitly declare permissions for those capabilities. This creates a transparency and governance gap: users or platforms may invoke a skill with broader access than expected, increasing the risk of unintended credential exposure or unreviewed external data transfer.
