Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill describes use of local storage, SQLite indexing, and CLI commands that imply file reads and shell-capable execution, but it declares no permissions or constraints. This creates a trust and containment gap: the agent may access local files or invoke commands without explicit user-visible authorization boundaries, increasing the risk of unintended data exposure from the knowledge-base paths under ~/.yuzhi/ or from user-supplied file paths.
