Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documentation describes capabilities that require network access, environment variable access, and local file reads/writes, yet no permissions are declared. This creates a transparency and governance gap: a caller or reviewer cannot accurately assess what the skill may access, and runtime enforcement may be bypassed or misconfigured as a result.
