Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 74%
- Finding: The skill advertises capabilities related to environment access while declaring no required permissions, which creates a transparency and consent gap. In a skill that provisions multiple agents, validates credentials, and edits configuration, undeclared env access could expose secrets or enable behavior the user did not explicitly authorize.
