Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill instructs the agent to read and write files in the workspace, but the skill declares no explicit permissions or safety boundary for those capabilities. That mismatch can cause the agent to perform persistent file operations without clear user awareness or policy enforcement, increasing the risk of unintended data modification.
