B
85/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
85/100
HIGH 1
Findings (1)
HIGH
Cross-tool data leakage
L46 Detects patterns where credential or secret reads are combined with external data transmission
GET | Validate API key + post
description: "Upload content FIX
Prevent credentials and sensitive data obtained by one MCP tool from being passed to other tools. Implement data isolation between tools and restrict cross-tool data flow for secrets.
FP?
Likely FP if the cross-tool data flow is intentional API authentication (e.g., a tool fetches an auth token that another tool uses for the same service).