Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill description indicates it uses environment variables and outbound network access, but no permissions are declared. In an agent platform, this creates a trust and policy gap: operators may approve or run the skill without realizing it can read configuration/secrets from the environment and contact external services. In this trading context, network and env access are expected for functionality, but the absence of explicit declaration still makes the capability set less transparent and harder to constrain safely.
