A
92/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
92/100
MEDIUM 1
Findings (1)
MEDIUM
Cross-tool data leakage
L138 Detects patterns where credential or secret reads are combined with external data transmission
access session-protected endpoints (API key + Upload metadata FIX
Prevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.
FP?
Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).