Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill advertises executable capabilities involving environment access but does not declare permissions, which weakens reviewability and informed consent. In a profiling skill that already processes user context automatically, undeclared capabilities increase the risk of hidden data access or unexpected execution paths.
