Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs execution of Python, network API calls, reading configuration, and writing HTML reports, yet no permissions are declared. This creates a governance gap where reviewers or runtime policy may not accurately reflect the skill's actual capabilities, increasing the risk of unintended data access or exfiltration.
