Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill invokes external scripts, reads environment variables, and uses network-backed image generation, yet it declares no permissions or capability disclosures. This creates a transparency and consent problem: users and the host system cannot accurately assess that the skill will access local secrets and send data externally before use.
