Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation clearly instructs users to run Python scripts, read browser cookies, and write output files, yet the skill declares no permissions. This creates a transparency and least-privilege problem: users and the platform cannot accurately assess or gate file and shell access before execution.
