Hi,
I found a potential security issue in:
main.py
Specifically in the execute_command function:
```python
import subprocess

# `command` is the string passed into execute_command (from the caller / LLM).
# shell=True hands it to /bin/sh, so metacharacters such as ; | & $( ) are interpreted.
result = subprocess.run(
    command,
    shell=True,
    capture_output=True,
    text=True,
    encoding='utf-8'
)
```
Why this is a security issue
- The command string is executed with shell=True, enabling shell interpretation.
- Even with a confirmation prompt, the command can still be manipulated via LLM-generated input or untrusted sources in MCP workflows.
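One way to harden this pattern, as an added example that is not the project's own code: parse the string into argv with shlex, run it with shell=False so metacharacters become plain argument text, and gate the executable on an allowlist (the ALLOWED_EXECUTABLES set is an assumption for illustration).

```python
import shlex
import subprocess

# Hypothetical allowlist of programs the tool is permitted to launch (assumption).
ALLOWED_EXECUTABLES = {"echo", "ls", "git"}


def parse_command(command: str) -> list[str]:
    """Split a command string into argv using POSIX quoting rules, with no shell.

    shlex.split honours quotes and backslashes but never interprets ';', '|',
    '&&' or '$(...)'; they stay inside ordinary argument strings.
    Raises ValueError on empty input or unbalanced quotes.
    """
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    return argv


def is_allowed(argv: list[str]) -> bool:
    """Accept only commands whose program (argv[0]) is on the allowlist."""
    return argv[0] in ALLOWED_EXECUTABLES


def execute_command(command: str) -> subprocess.CompletedProcess:
    """Hardened counterpart of the shell=True call: argv list, no shell, allowlist, timeout."""
    argv = parse_command(command)
    if not is_allowed(argv):
        raise PermissionError(f"executable not allowed: {argv[0]!r}")
    return subprocess.run(
        argv,
        shell=False,          # argv is passed straight to execve; nothing is re-parsed
        capture_output=True,
        text=True,
        encoding="utf-8",
        timeout=30,           # bound runaway or interactive commands
    )


if __name__ == "__main__":
    # With shell=False the ';' is just part of an argument to echo, not a command separator.
    print(execute_command("echo 'hello; whoami'").stdout, end="")
```

Note that an allowlist on argv[0] does not by itself constrain arguments (e.g. `git` subcommands), so per-program argument validation is still needed for anything beyond trivial utilities.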