Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill explicitly enables discovery and execution of arbitrary external MCP tools, which implies network-capable behavior and access to external systems, yet the skill metadata does not declare corresponding permissions or constraints. This creates a transparency and policy-enforcement gap: users and hosting platforms may not understand that invoking the skill can reach remote services, exfiltrate prompts/data, or trigger actions on connected systems.
