Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill explicitly instructs the agent to read and write local workspace files under memory/ontology, create directories, and append to graph and schema files, but it does not declare any permissions or guardrails for those capabilities. In a composable memory skill, undeclared file-write access is risky because other skills may rely on this shared state, making silent persistence, data tampering, or cross-skill poisoning easier if invocation is triggered unexpectedly or with untrusted content.
