Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill directs the agent to perform network access and read/write local files, but the metadata does not declare any permissions or capability boundaries. This weakens security review and user consent because a seemingly simple recommendation skill can fetch remote content, cache data locally, and generate artifacts without explicit disclosure.
