Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill explicitly states that credentials are stored in `scripts/.env` and that it uses a Python client to call external CMS APIs, but the skill manifest does not declare corresponding permissions. This creates a capability/permission mismatch that can hide access to secrets and outbound network actions from reviewers and policy controls, increasing the risk of unauthorized content changes or data exfiltration.
