Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill clearly documents network access, reading/writing files in the workspace, and Python execution, but the manifest does not declare equivalent permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may approve the skill without understanding that it can exfiltrate data over the network or persist files locally.
