Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill advertises and exemplifies file/data preloading behavior but declares no permissions, creating a mismatch between documented capabilities and the security model. In an agent environment, undeclared file-read behavior can bypass user expectations and platform policy checks, especially when combined with speculative loading of resources the user did not explicitly request.
