Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documentation advertises capabilities that imply environment access, file read/write, and optional network-backed components, but no explicit permissions model is declared. This creates a trust gap: an agent may invoke the skill with broader access than users expect, reducing transparency and making misuse or overcollection harder to detect.
