Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documents capabilities to read and write local files, access the network, and invoke subprocesses, but does not declare corresponding permissions in a machine-readable way. This creates a transparency and policy-enforcement gap: an agent or platform may invoke the skill without understanding its actual authority, increasing the chance of overprivileged or unexpected execution.
