Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill performs file reads and writes (`assets/template.md`, `memory/action-items-{date}.json`) but does not declare any permissions or user-facing notice for those capabilities. Hidden persistence and local file access increase the chance of unintended data handling, especially because meeting minutes often contain sensitive business information.
