Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill documentation describes shell, file read, and file write capabilities but does not declare corresponding permissions or clearly scope them. This creates a transparency and consent problem: an agent invoking the skill may perform filesystem and command execution side effects that are not obvious from the permission model.
