Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 94%
- Finding: The skill instructs the agent to read and inspect arbitrary local files via a scanning script, but it does not declare corresponding permissions. This creates a capability/permission mismatch: users or orchestrators may not realize the skill can access file contents, undermining transparency and policy enforcement even if the stated goal is protective.
