Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill instructs the agent to access environment variables, read and write local files, and make authenticated network requests, yet it declares no permissions. This creates a transparency and consent problem: a user or host may not realize the skill can export artifacts, handle API keys, and send outbound requests to live services.
