Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill documentation advertises executable workflows that read input files and write cleaned datasets and audit reports, but it does not declare corresponding permissions. In an agent environment, this creates a trust and policy gap: operators may approve or route the skill under the assumption that it has no file-system effects, while the packaged code is expected to access and modify local data.
