Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly describes capabilities that use environment variables, write files, and make HTTP calls, but it does not declare permissions in metadata. This creates a governance and review gap: operators and users cannot reliably understand or constrain what the skill can access, which increases the risk of overprivileged execution and hidden data handling.
