Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documents and encourages use of file read/write, shell, and MCP capabilities, but the metadata declares no permissions. This creates a transparency and consent gap: users or policy engines may treat the skill as low-privilege while it scaffolds agents that can access the filesystem, execute commands, and connect to external tool servers.
