Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill instructs the agent to read credentials and endpoint configuration from environment sources such as `recall.env` and process environment variables, but no explicit permissions are declared for that capability. This creates a transparency and policy gap: a reviewer or runtime may not realize the skill can access sensitive configuration, increasing the risk of unintended secret exposure or unauthorized outbound use.
