fastmcp
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The
templates/file_processor.pyfile contains tools that allow reading arbitrary files from the filesystem via a user-provided path. The implementation usingexpanduser()enables access to the home directory, which could facilitate the exposure of sensitive system configuration or credential files if the agent is directed to access them. - [COMMAND_EXECUTION]: The
templates/database_server.pyfile provides a tool for executing raw SQL queries on a SQLite database. Although it includes safeguards such as a read-only connection and a basic validation forSELECTstatements, dynamic SQL execution represents a surface for unauthorized data access. - [PROMPT_INJECTION]: The
templates/file_processor.pytemplate creates an indirect prompt injection surface by ingesting untrusted content from the local filesystem and providing it to the agent context. - Ingestion points: The
_read_textfunction intemplates/file_processor.pyreads data directly from the local disk. - Boundary markers: No explicit delimiters or boundary instructions are included in the template to isolate file content from agent instructions.
- Capability inventory: The tools
summarize_text_file,search_text_file, andread_file_resourceenable the agent to read and process file contents. - Sanitization: The template does not perform validation or sanitization on the content read from files before returning it to the caller.
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the installation of the
fastmcpandhttpxPython packages from standard registries. Additionally, theapi_wrapper.pytemplate is designed to facilitate network requests to external API endpoints as part of its core functionality.
Audit Metadata