Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly performs file reads and writes by accepting a template path, reading reference materials, and writing a generated .docx, yet no explicit permissions are declared. This creates a security transparency and policy-enforcement gap: a host may invoke the skill without clearly surfacing filesystem access expectations to users or applying least-privilege controls.
