Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill declares required environment variables, including a store secret, but does not declare corresponding permissions or clearly constrain access to sensitive configuration. This creates a transparency and governance gap: operators and users may not realize the skill depends on secrets and external store access, increasing the chance of over-privileged deployment or unintended secret exposure.
