Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares operational requirements and clearly uses environment variables, reads local input images, and writes generated output files, but it does not declare permissions for those capabilities. Missing permission declarations reduce transparency and can bypass user or platform expectations about what the skill may access, especially because it handles local files and secrets used to reach an external service.
