Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill demonstrates file read/write behavior throughout its examples, but the metadata declares no permissions. In an agent environment, undeclared filesystem capabilities reduce transparency and can cause the skill to be invoked with broader access than users or policy expect, increasing the chance of unintended document access or modification.
