Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill specifies file read/write behaviors such as validating citations against a local knowledge base, initializing directory structures, and writing case memory, but does not declare permissions. Undeclared storage and filesystem access is dangerous because it bypasses informed consent, weakens platform enforcement, and can enable unauthorized access to sensitive HR data or persistence of user data.
