Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill clearly instructs the agent to read and write sensitive divorce-related data under `memory/divorce/`, but it declares no permissions. That mismatch is a real security issue because the platform and users are not given accurate visibility into the skill's filesystem capabilities, especially for highly sensitive financial, custody, and legal-preparation information.
