Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill declares itself as a planning/configuration guide but includes behaviors requiring file read, network, and shell-like capabilities without any explicit permission declaration or consent framework. This creates a transparency and authorization gap: users may invoke a seemingly advisory skill that can persist data, contact external services, or trigger local commands.
