Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill documentation does not declare permissions, yet the implementation reportedly performs file writes for persistent audit logging. Undeclared write capability is risky because it expands the skill's effective privileges beyond what a reviewer or operator would expect, and log files can accumulate sensitive prompts or outputs on disk.
