Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill advertises use of environment variables, network access, and local file interaction, but declares no permissions. That creates a transparency and review gap: users and platforms cannot accurately assess that the skill sends data to a third-party API and may read or write local files, increasing the chance of unintended data exposure or over-privileged execution.
