Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill performs outbound network access to a third-party backend but does not declare that capability in permissions/metadata. Hidden or undeclared network behavior weakens platform trust boundaries and can cause users or reviewers to underestimate that their prompts are being transmitted externally.
