Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill clearly requires network access and use of environment-provided API keys, yet only declares tools and not equivalent permissions/capability boundaries. This creates a transparency and policy-enforcement gap: users or hosting systems may not realize the skill can transmit data externally and consume secrets from the environment.
