Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documentation describes capabilities that imply environment access, file read/write, and outbound network use, but it does not declare or surface those permissions to the user. This creates a transparency and consent gap: the skill can request API keys, persist them, and send image content to an external service without an explicit permission model being documented.
