Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill directs the agent to read project files, inspect logs, and operate a local HTTP server, but it does not declare corresponding permissions or capabilities. This creates a transparency and policy-enforcement gap: users or platforms may approve the skill expecting a narrower trust boundary, while the workflow still causes file access and network exposure on localhost.
