Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill advertises read-only analysis, but its instructions clearly involve network access, reading environment variables, and writing files, while no permissions are declared. This mismatch can mislead users or enforcement systems about what the skill is capable of, reducing transparency and weakening least-privilege controls.
