Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill documentation describes file read and file write behavior but does not declare any corresponding permissions or enforceable constraints. This creates a mismatch between stated capabilities and the trust boundary, which can lead to unauthorized access to arbitrary local paths if the implementation does not strictly validate input and output locations.
