Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill clearly performs outbound network operations to an external API gateway, but the metadata does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill transmits prompts and related parameters off-platform, weakening consent and security review.
