Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill documentation indicates file read/write capabilities without declaring corresponding permissions, which creates hidden capability risk and weakens trust boundaries for agents using the skill. In a multi-agent trading system, undeclared filesystem access can enable unintended data exfiltration, state tampering, or persistence beyond the advertised in-memory scope.
