Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill clearly directs file reads/writes to a local cache and credential file, and network access to a shared gateway, yet no explicit permissions model is declared. This creates hidden capability expansion: an agent may perform sensitive log access, credential handling, and remote queries without transparent review or least-privilege controls.
