Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill documentation indicates capabilities to read environment variables, read/write local files, invoke shell commands, and make network requests, but it does not declare corresponding permissions. That creates a transparency and governance gap: operators may approve or invoke the skill without understanding that it stores OAuth tokens and accesses sensitive health data from external services.
