Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill instructs writing an output HTML file but declares no permissions, creating a capability/consent mismatch. This is dangerous because file creation can occur without clear user awareness or platform-level gating, and HTML output may later be opened in a browser or reused in other contexts.
