Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documentation describes installation and execution of a program that reads configuration, writes report files, and fetches content from external network sources, but it does not declare corresponding permissions. That creates a transparency and consent gap: users may run a skill without understanding its file-system and network access, increasing the chance of unintended data exposure or unsafe execution in sensitive environments.
