Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill documents and relies on sensitive environment variables for cloud credentials and writes artifacts to disk, but it does not declare permissions for those capabilities. This creates a trust and review gap: operators may approve or run the skill without understanding that it can access secrets and persist potentially sensitive API responses or operational data.
