Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation advertises file input/output and implied network collection behavior, but it declares no permissions. Missing permission declarations can cause users or hosts to invoke a skill without understanding that it may read local files, write exports, or access external services, which weakens trust and security review. In this context the risk is moderate because the actions are aligned with the stated utility, but they still require explicit disclosure.
