Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 94%
- Finding: The skill advertises `user-invocable: true` and instructs use of environment variables, private env files, local file reads, and direct network access, but it does not declare its permissions/capabilities explicitly. This creates a transparency and policy-enforcement gap: a host may expose the skill without clearly warning that it can read secrets from the environment/filesystem and send authenticated requests off-box.
