Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill has broad effective capabilities: it reads extensive local files, writes its own state and reports, can invoke an external command, and directs the host agent to perform additional probes or fetch-related actions in some flows. Even if framed as a security audit, the absence of declared permissions creates a transparency and least-privilege gap that can surprise users and weaken policy enforcement.
