Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill requires environment secrets, local config/token persistence, shell execution, file access, and outbound network access, but it does not declare explicit permissions for those capabilities. This weakens user and platform transparency, making it easier for a powerful skill to access credentials, write token caches, and contact external services without clear consent boundaries.
