Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill instructs the agent to read input CSVs and write multiple output files, but no permissions are declared to make those capabilities explicit or constrain their use. This creates a transparency and governance gap: an agent may access local business records and persist audit artifacts to disk without clear authorization boundaries, which is risky because the data involved is sensitive financial and tax information.
