Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill documentation describes executing local Python scripts, writing intermediate and final artifacts to /tmp and research/, performing web access, and potentially using environment data, yet no permissions are declared. That mismatch can cause the platform or reviewers to underestimate the skill's capabilities, reducing effective consent, sandboxing, and policy enforcement around network and file operations.
