Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill instructs use of local file paths and writes outputs to temporary locations, which implies file read/write capability without any declared permission model or user-consent boundary. In an agent setting, this can lead to unintended access to sensitive local documents or uncontrolled creation of files if the runtime assumes undeclared capabilities are allowed.
