Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill documentation indicates use of environment variables and network-backed API access, but there is no declared permissions model to make those capabilities explicit. This can mislead users and hosting platforms about what the skill will access, reducing informed consent and weakening policy enforcement around secret handling and outbound connections.
