Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documents capabilities including file read/write, network access, and shell execution, but does not declare corresponding permissions. This creates a transparency and consent gap: users may invoke a skill that can access local files, store records, contact remote services, and run commands without an explicit permission model, increasing the risk of unnoticed data access or command execution.
