Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 95%
- Finding: The skill instructs the agent to read an entire target directory, write reports to disk, and potentially invoke a Python script, but it does not declare any permissions or capability boundaries. This creates a trust and review gap: an agent may perform filesystem reads/writes and possibly network-capable code execution without the user seeing an explicit permission model, increasing the risk of overreach or unsafe execution in permissive runtimes.
