Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill directs the agent to generate local output files such as HTML, JSON, and Markdown, and references local scripts and output paths, but it does not declare permissions for file-writing behavior. Undeclared write capability weakens user consent and platform policy enforcement because the skill can create or overwrite files beyond what a user may reasonably expect.
