Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill documents file read/write behavior and local config loading, but it does not declare permissions accordingly. Undeclared capabilities reduce transparency and can bypass user or platform expectations about what the skill can access, especially when saving into user directories. In a lab context, this raises the risk of silently handling sensitive experimental records without explicit consent boundaries.
