Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill explicitly relies on Yahoo Finance data and uses curl/python requests, which implies outbound network access, yet no permissions are declared. Undeclared network capability weakens user consent and platform policy enforcement because the skill can reach external services without transparent capability disclosure.
