Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly instructs use of environment variables, shell commands, and outbound network access, but does not declare corresponding permissions. This creates a transparency and governance gap: users and platforms may not realize the skill can read secrets and transmit user-provided data or images to an external service.
