Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill documentation demonstrates code that writes output files (for example, generating 'output.jpg') and performs image processing without any declared permissions. Even if file output is expected for this skill’s purpose, the absence of an explicit permission declaration creates a mismatch between documented capabilities and the security model, which can enable unintended file writes or make review and sandboxing less reliable.
