Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill instructs the user to set and rely on an API key environment variable, but it does not declare permissions or clearly scope that capability. In an agent ecosystem, undeclared access to secrets and environment configuration reduces transparency and can enable downstream skills or scripts to read sensitive credentials unexpectedly.
