Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill advertises routing behavior only, but static analysis detected file read/write and environment access without any declared permissions. Undeclared capabilities weaken reviewability and can enable unexpected access to local data or persistence, especially in a task-oriented skill that may process user-driven inputs and generate files like daily.json.
