Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs reading a local company code file and generating multiple project artifacts, which implies file read/write capabilities without any declared permissions or user-facing constraints. This weakens transparency and safety controls, and could lead to unauthorized access to local files or unexpected artifact creation/overwrite in the workspace.
