Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill invokes file paths under /root/myfiles/, reads local reference files, and performs outbound network actions via Feishu upload/send, yet no permissions are declared. This creates a transparency and policy-enforcement gap: reviewers and runtime controls cannot accurately assess or constrain what the skill can access or transmit.
