Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 95%
- Finding: The skill instructs the agent to invoke `python save_file.py --path ... --content ...` to write generated code to an arbitrary path, but no permissions are declared to signal or constrain filesystem access. This creates a real capability/permission mismatch: the agent may perform local file writes without explicit user awareness, policy gating, or path restrictions, increasing the risk of overwriting files or planting code artifacts.
