Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill describes capabilities that imply network access and local configuration file writes (`config.json`), yet it declares no explicit permissions. This creates a transparency and governance gap: users or agent platforms may authorize or run the skill without understanding that it can transmit data externally and persist secrets locally, increasing the chance of unintended data exposure or unsafe execution.
