Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 85% confidence
- Finding
- The skill clearly directs initialization scripts, persistent file creation, git repository setup, and memory search configuration, which implies file read/write and likely network-backed retrieval capabilities without an explicit permission declaration. This is dangerous because operators may enable a skill with broader side effects than expected, reducing transparency and weakening consent around persistence and external provider use.
