Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill clearly performs outbound network access to the Semantic Scholar API, but the metadata declares no permissions. This creates a transparency and governance gap: users or platforms may authorize or run the skill without realizing it transmits queries externally, which can expose sensitive research topics or user-provided input to a third party.
