Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill advertises no declared permissions, yet its instructions explicitly allow use of python3 and imply reading local resources and writing output files. This creates a capability/permission mismatch that can mislead policy enforcement, reviewers, or users about what the skill can access and modify, weakening trust and containment.
