A data science team creates a SageMaker training job that needs to read training data from S3 and write model artifacts back to S3. A junior engineer gives the SageMaker execution role AmazonS3FullAccess. A security engineer objects. What is the specific risk and the correct IAM principle to apply?