Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill declares no permissions or dependencies, yet the file structure and documented behavior indicate file read/write capabilities via configuration files, output image paths, and generation history storage. This creates a permission transparency gap: operators may approve or run the skill without understanding that it can access and modify local files, increasing the risk of unintended data exposure or unauthorized writes if the implementation is broader than the documentation suggests.
