Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 93%
- Finding: The skill instructs reading `references/plan.md` and writing `errorset.md`, but declares no permissions or capability boundaries. This creates a transparency and governance gap: a host or reviewer may treat the skill as non-invasive while it can access and modify local files in the user's workspace. In this context, the file operations are related to the stated study-plan function, so the issue is not overtly malicious, but it still weakens user consent and platform enforcement.
