Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill advertises behaviors that read local transcripts/events, write to a SQLite database, and optionally send alerts to external destinations via webhook URLs, but it does not declare explicit permissions for file access or network use. This creates a transparency and policy-enforcement gap: an agent or reviewer may treat the skill as low-privilege even though it can access local data and exfiltrate telemetry if alerting is configured.
