Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill instructs use of local scripts and explicitly stores hiring data under `memory/recruiting/`, which implies file read/write behavior, but it does not declare corresponding permissions. Undeclared filesystem access weakens security transparency and policy enforcement because users and hosting platforms cannot accurately assess or constrain what the skill can access or modify.
