Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill clearly instructs file writes and network access, yet no permissions are declared. That creates a consent and sandboxing gap: a host may not surface the real capabilities to users or may fail to enforce least privilege before the skill writes config files, logs, tokens, or calls third-party APIs.
