Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill invokes network access, reads environment variables for API keys, and writes files, yet it declares no permissions or equivalent trust boundary metadata. This creates a transparency and governance gap: operators and users cannot accurately assess what the skill can access or persist, increasing the chance of unintended data exposure or policy bypass.
