Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill instructs the agent to read a user-supplied PDF and write multiple artifacts to disk, but it declares no explicit permissions or constraints. That mismatch weakens policy enforcement and user visibility, making it easier for file access to occur implicitly or more broadly than intended.
