Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares environment-variable use, file read/write, and networked API access, but does not expose a formal permissions declaration despite performing sensitive operations. This can mislead users and host platforms about the skill's actual capabilities, reducing informed consent and making risky behaviors like external data transmission and document mutation less visible.
