Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill describes use of environment variables and outbound network/API access but does not declare corresponding permissions. That mismatch weakens user and platform visibility into what the skill can access, increasing the risk of unexpected secret handling and remote data transmission during operation.
