Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill metadata declares no permissions, yet the workflow explicitly invokes a bundled Python script that writes output files and may access network resources via referenced public URLs or provenance data. This mismatch can mislead reviewers and users about the skill's real capabilities, reducing informed consent and weakening sandboxing or policy enforcement around file-write and network access.
