Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises capabilities that access environment variables, local files, and external network services, but does not declare permissions or provide an explicit trust boundary. In a memory skill that persists conversation data and uses remote LLM/embedding APIs, this omission is security-relevant because operators cannot accurately assess what data may be read or transmitted.
