Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 97% confidence
- Finding
- The skill explicitly instructs the agent to read local files, write indexes/caches/metadata, and run shell commands, yet it declares no permissions. This creates a trust and enforcement gap: a host may present the skill as lower risk than it is, and users or policy layers may not realize that local file writes and subprocess execution are part of normal operation.
