Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill instructs the agent to read arbitrary user-specified paths and additional local files such as the scanner and report, yet it declares no permissions. This creates a transparency and policy-enforcement gap: an agent or platform may execute file reads without an explicit permission boundary, increasing the chance of unintended access to sensitive local data.
