Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill instructs the agent to create local project files and download remote assets, which are code-capable behaviors that should be explicitly declared and permission-gated. Without declared permissions, users and hosting systems may not realize the skill can write to disk and access the network, increasing the chance of silent filesystem changes or unreviewed remote content retrieval.
