Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill explicitly instructs use of `web_search` and a Python script, which are code/network-capable actions, but no permissions are declared. This creates a hidden capability gap: reviewers and runtime policy may underestimate the skill's ability to send user-derived health/insurance queries externally, increasing risk of unauthorized data exposure and policy bypass.
