Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 81% confidence
- Finding
- The skill instructs the agent to read and write local files (`./data/raw`, `./data/processed`, `./reports`) but does not declare corresponding permissions. Undeclared file access weakens policy enforcement and transparency, increasing the chance that an agent executes filesystem operations the user or platform did not explicitly authorize.
