Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares no permissions, but its documented behavior clearly includes network access, environment manipulation, and writing a report file. This mismatch is dangerous because it hides the skill's actual capabilities from reviewers and runtime policy enforcement, reducing transparency and potentially allowing broader-than-expected execution.
