Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 76% confidence
- Finding
- The skill advertises behavior that involves storing credentials, parsing user-supplied files, and calling an external API, but it does not declare corresponding permissions. This creates a transparency and governance gap: the runtime may still access files, network, and configuration storage without users or reviewers having an explicit permission contract to audit.
