Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill explicitly instructs the agent to create and modify workspace files under `memory/ontology` and to use direct file operations, but it does not declare corresponding permissions or capability boundaries. This creates a mismatch between documented behavior and the platform's security model, increasing the chance of unauthorized or unexpected file writes when the skill is invoked.
