Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documentation describes reading and writing sensitive health data to local files, including imports and persistent storage in the user's home directory, but no explicit permissions are declared. This creates a real security and privacy governance gap: users and the platform may not have clear visibility or enforcement over filesystem access for medical data.
