Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 92%
- Finding: The skill explicitly instructs use of environment variables for credentials and network calls to external APIs, yet it declares no corresponding permissions. This weakens security review and user/operator awareness, because a skill that can exfiltrate local files over the network should transparently declare those capabilities.
