Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill instructs the agent to discover and call arbitrary external MCP server tools, which is effectively network-capable behavior, yet the skill declares no permissions or trust boundaries. This creates a real security gap because users and policy systems are not clearly informed that the skill can reach external services, access remote data, and potentially invoke sensitive operations exposed by connected MCP servers.
