Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill clearly relies on sensitive capabilities such as browser session reuse, cookie acquisition, and local session storage, yet no explicit permissions are declared. That mismatch is dangerous because it obscures the true security boundary of the skill and can cause users or hosting frameworks to authorize more access than they realize, especially where browser cookies represent account-bearing credentials.
