Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises capabilities that require environment access, file reading, and network use, but it does not declare permissions or clearly bound those capabilities. This weakens user consent and reviewability, making it easier for the skill to access credentials or local state without users understanding the scope.
