Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill clearly relies on environment-based credentials and writes artifacts to local output paths, but it does not declare those capabilities as permissions. Hidden or undeclared capabilities reduce transparency for reviewers and users, making it easier to over-trust the skill and harder to apply least-privilege controls. In a cloud-management skill handling AccessKeys and writing command output, this is materially relevant.
