Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill clearly instructs the agent to read and modify user configuration files, but it declares no permissions or equivalent capability boundaries. This creates a transparency and authorization gap: an invoking system or user may not realize the skill can access and change files in the home directory, increasing the risk of unintended file access or modification.
