Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill advertises only investment analysis but the content indicates capabilities equivalent to file read/write, network access, shell use, and environment access without any explicit permission declaration or user disclosure. This creates a hidden trust boundary issue: a user invoking a seemingly benign analysis skill may unknowingly authorize sensitive local actions and outbound connections.
