Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill documents outbound network access to a third-party API and use of an API key, but it does not declare corresponding permissions. This creates a transparency and governance gap: users or the platform may not realize that user prompts are transmitted externally, which can lead to unintended data exposure and policy bypass.
