Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill documentation indicates outbound network use via a third-party QR API, but no corresponding permission declaration is present. This can mislead users and reviewers about data flow, causing user-supplied text or URLs to be transmitted externally without clear capability disclosure.
