Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill declares access to environment variables, config files, and network-reachable APIs, but there is no explicit permissions section warning users or agents about those capabilities. That makes the trust boundary unclear and can lead to unreviewed use of API keys, local files, and outbound requests during execution.
