Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 85%
- Finding: The skill declares an environment requirement for a Telegram bot token but does not declare corresponding permissions or operational constraints. This creates a transparency and governance gap: a reviewer may underestimate that the skill can authenticate to an external messaging service and process inbound/outbound data.
