Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documentation describes capabilities that access environment variables, write files, and use the network, but it does not declare corresponding permissions. This creates a transparency and trust problem: users or platforms may authorize or run the skill without understanding that it can read API keys, download remote content, and create or overwrite local files.
