Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill advertises and demonstrates network access plus local file read/write behavior, but declares no permissions or safety boundaries. This can cause users or orchestrators to invoke it without understanding that it may crawl remote sites, read local directories, and write sitemap.xml or robots.txt to disk, increasing the chance of unintended data exposure or filesystem modification.
