Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 82% confidence
- Finding
- The skill explicitly instructs reading a local credential file (`~/.zlbx/config.json`) and writing reports to a local directory, but only declares an environment-variable requirement rather than corresponding file permissions or transparent consent boundaries. This creates a permission-model gap: an agent or reviewer may underestimate the skill's ability to access local data and persist files, increasing the risk of unintended file access or silent artifact creation.
