Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation instructs use of local scripts, configuration files, and environment-backed credentials, but it does not declare the permissions needed for those capabilities. Undeclared access to secrets/config and execution context reduces transparency and can bypass policy controls that rely on explicit permission declarations.
