Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documents capabilities to read environment variables, write configuration, access files, and call a remote API, yet it declares no permissions. This weakens user visibility and policy enforcement, increasing the chance that sensitive operations like API-key storage and outbound data transfer occur without informed consent.
