Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill advertises shell execution and persistent file writes to `~/.flex/data.jsonl` but does not declare any permissions or safety boundaries. This creates a transparency and policy-enforcement gap: an agent or reviewer may treat the skill as lower risk than it really is, while it can modify local state and consume environment/context through shell execution.
