Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly instructs use of shell execution (`python3 scripts/autoloop.py`) and writes persistent artifacts such as `autoloop_state.json`, `iteration_log.jsonl`, and handoff files, but declares no permissions. This mismatch is a real security issue because it hides operational capabilities from policy enforcement and review, making it easier for a caller to invoke file writes and subprocess behavior without explicit authorization boundaries.
