Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to scan repositories, inspect files, and generate documentation artifacts, which clearly implies file read and file write capabilities, but it does not declare permissions or constrain scope. Missing explicit permission declarations weakens policy enforcement and user visibility, increasing the chance of over-broad repository access or unintended modification of files during execution.
