Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill declares environment-variable and network-dependent behavior in metadata and usage, but does not expose explicit permissions or equivalent user-facing consent boundaries. This can lead to under-informed execution where a user or orchestrator invokes a networked skill that accesses secrets and sends data externally without clear declaration.
