Hi tadata-org team,
I recently ran a security audit on fastapi-mcp as part of research on MCP server framework security posture.
Found a couple of items worth flagging:
1. Tool description injection risk
fastapi-mcp auto-generates tool descriptions from FastAPI endpoint docstrings and OpenAPI specs without validating them against adversarial patterns. Any FastAPI app with user-controlled endpoint descriptions could generate poisoned tool descriptions that redirect LLM behaviour.
2. Missing output sanitization
API response content forwarded to the model context isn't scanned for embedded injection patterns. Framework-level sanitization here would protect every FastAPI app exposed as an MCP server — zero effort for downstream developers.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — for $29 at luciferforge.github.io/mcp-security-audit/
Demo: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security
Hi tadata-org team,
I recently ran a security audit on fastapi-mcp as part of research on MCP server framework security posture.
Found a couple of items worth flagging:
1. Tool description injection risk
fastapi-mcp auto-generates tool descriptions from FastAPI endpoint docstrings and OpenAPI specs without validating them against adversarial patterns. Any FastAPI app with user-controlled endpoint descriptions could generate poisoned tool descriptions that redirect LLM behaviour.
2. Missing output sanitization
API response content forwarded to the model context isn't scanned for embedded injection patterns. Framework-level sanitization here would protect every FastAPI app exposed as an MCP server — zero effort for downstream developers.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — for $29 at luciferforge.github.io/mcp-security-audit/
Demo: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security