Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documentation describes file and network behavior, but no permissions are declared. In an agent ecosystem, undeclared capabilities reduce transparency and informed consent, making it easier for a skill to access local files and external resources without clear user or platform awareness. The risk is moderated by the skill’s stated wallpaper-download purpose, but the missing declaration is still a real security governance issue.
