Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documents capabilities to launch processes, read and write project files, and interact with the desktop, but it declares no permissions. That mismatch is dangerous because it hides the true execution surface from any permission or consent model, increasing the chance of silent file modification, shell/process execution, and unintended access to local data.
