Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill declares no explicit permissions even though it uses environment-based secrets and external API access. This weakens reviewability and consent boundaries because operators and users cannot clearly see that the skill depends on secret material and networked data transfer, increasing the chance of silent overreach or unsafe deployment.
