Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill instructs the agent to create annotated output files but does not declare any permissions for file writing. This creates a transparency and policy-enforcement gap: a host system or reviewer may underestimate the skill's ability to modify or generate files, increasing the chance of unauthorized writes or unsafe execution in broader workflows.
