Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill documentation describes capabilities that include environment use, file operations, and network/API access, but no explicit permissions are declared. This creates a trust and governance gap: operators cannot accurately assess what the skill may access, and a skill with activation, installation, and diagnostic actions could perform unintended changes or data access without clear prior authorization boundaries.
