Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill requires environment secrets and performs networked uploads, but those capabilities are not explicitly declared as permissions. This weakens reviewability and informed consent because operators may not realize the skill can access cloud credentials and transmit local file contents to an external service.
