Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill advertises and instructs use of a remote API endpoint and a client script, but does not declare corresponding network permissions. This creates a transparency and governance gap: reviewers and users may not realize data will be transmitted off-platform, and permission-based controls cannot be applied correctly.
