Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill instructs the agent to run Python code that reads local CSV files, writes output and state to disk, and performs network requests, but the skill metadata declares no permissions or equivalent capability disclosure. This creates a trust and review gap: users or platforms may authorize the skill under false assumptions, increasing the chance of unintended data access, external communication, or file modification.
