Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares and documents capabilities that access environment secrets, perform network requests, and invoke shell/Node commands, yet it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent or platform may expose sensitive functionality without explicit operator awareness, increasing the chance of secret misuse or unintended outbound actions.
