Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill clearly relies on environment secrets and outbound network access, but it does not explicitly declare those permissions in a structured way beyond metadata requirements. Undeclared capabilities reduce transparency for deployers and can cause agents to invoke a networked, secret-using skill without appropriate review or sandboxing.
