Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 85% confidence
- Finding
- The skill uses sensitive environment credentials and performs network operations, but those capabilities are not explicitly declared as permissions. This weakens transparency and informed consent: users may not realize the skill can read secrets and transmit data externally, increasing the chance of unintended credential use or data exfiltration.
