Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises no declared permissions while its embedded templates clearly perform local file reads and writes, creating a mismatch between declared capabilities and actual behavior. This can mislead users or reviewers about what the skill may do and weakens permission-based trust and oversight, especially in an automation-focused skill that encourages saving reports and processed data to disk.
