Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill declares operational capabilities that require environment variables and outbound network access, but it does not explicitly declare permissions for those sensitive actions. This creates a trust and review gap: agents or operators may approve the skill without realizing it can access configured environment data and communicate with external services, increasing the risk of unintended data exposure or unauthorized network interactions.
