Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill instructs the agent to write JSON files under /tmp and generate an HTML file via build.py, but the metadata does not declare file read/write permissions. That creates a capability/permission mismatch that can bypass user expectations and reduce policy enforcement visibility around local file access.
