Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill directs the operator to use file reads and start a local HTTP server, but it does not declare permissions or clearly scope those capabilities in a machine-enforceable way. In a multi-agent coding workflow that reads project files, logs, requests, and serves dashboard data, missing permission declarations can lead to overbroad access and reduce the platform's ability to warn users or sandbox risky behavior.
