Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill instructs the agent to perform network fetches and write cached content and notes to the local filesystem, but no permissions are explicitly declared. That creates an authorization and review gap: operators may believe the skill is documentation-only while it can modify workspace state and pull remote content, increasing risk of unintended writes, data contamination, or misuse through prompt injection into cached material.
