Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill demonstrates access to environment variables and networked relay usage but does not declare corresponding permissions in metadata. This creates a transparency and policy-enforcement gap: a host may load the skill without realizing it can access secrets or external services, undermining sandboxing and informed consent.
