Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill invokes an external API and explicitly requires a Neta API token, which indicates network access despite no declared permissions. Undeclared network capability undermines transparency and consent, increasing the risk that users provide secrets or allow outbound communication without clear permission scoping.
