Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill advertises and documents capabilities to read environment variables and communicate with an external network service, but it does not declare permissions or provide an explicit capability boundary. This creates a transparency and governance gap: an agent or platform may invoke a skill that can exfiltrate message contents, files, recipient identifiers, and bot credentials without users or policy systems having a clear permission model.
