Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documentation declares required environment variables and trading credentials, but no explicit permissions model is declared. In an agent ecosystem, undeclared access to environment secrets is security-relevant because it obscures the true trust boundary and can cause operators to expose high-value credentials without clear consent. The risk is amplified here because the env capability includes API and private-key material tied to financial trading.
