Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 80%
- Finding: The skill clearly uses environment variables, local file reads, and outbound network access, but those capabilities are not explicitly declared as permissions beyond runtime requirements metadata. This can weaken platform-level review and user understanding of what the skill does, especially because it reads local reference files and sends tracking data to a third-party API.
