Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill requires access to environment variables and local config files for credentials, but it does not declare those capabilities explicitly. This weakens user visibility and consent around sensitive data access, especially because the skill handles account email and password for a third-party service.
