Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises network and environment-variable use but does not declare permissions, which undermines least-privilege controls and informed consent. In agent environments, undeclared env and network capabilities can expose secrets such as API keys and allow unexpected outbound requests beyond what the manifest suggests.
