Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 72% confidence
- Finding
- The skill declares no dependencies or permissions, yet the content references local files and writable artifacts such as config and memory paths, which is consistent with undeclared file read/write behavior. This creates a trust gap: operators may install or invoke the skill believing it is metadata-only, while the implementation can access or modify local data without explicit disclosure.
