Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documentation exposes network-capable behavior but does not declare any explicit permissions or constraints around that access. In an agent setting, undeclared network capability can bypass user expectations and policy review, enabling external data exfiltration or unapproved outbound requests through search and content-fetch operations.
