Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill declares no permissions, but its documented behavior includes file reads and automatic network access to download dictionaries from GitHub on first run. This creates a capability/permission mismatch that can bypass user or platform expectations, and network retrieval of executable inputs or data introduces supply-chain and integrity risks if the source is tampered with or unavailable.
