Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 82% confidence
- Finding
- The skill documentation declares only local prompt-building behavior, yet the static analysis indicates capabilities for environment access, file read/write, and network use without any declared permissions. This is dangerous because users and orchestrators cannot accurately assess what data the skill may access or exfiltrate, especially when context, style profiles, or corpus data may be sensitive.
