spring-ai-mcp-server-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill describes implementation patterns for tools that interact with external systems such as databases, file systems, and network APIs. These patterns are central to the Model Context Protocol's purpose. The provided documentation includes defensive techniques like SQL command filtering, path normalization to prevent traversal attacks, and URL validation.
- [REMOTE_CODE_EXECUTION]: An advanced pattern for 'Dynamic Tool Registration' is documented, which references the execution of Groovy scripts. This is presented as an architectural option for developers and includes a placeholder implementation.
- [PROMPT_INJECTION]: The skill outlines patterns for tools that ingest untrusted external data, creating a potential surface for indirect prompt injection.
  - Ingestion points: Patterns in references/examples.md describe fetching data via SQL queries, HTTP requests, and file reads.
  - Boundary markers: The documentation recommends using structured data (JSON) and validation frameworks to define clear boundaries for inputs.
  - Capability inventory: The documented patterns include the ability to execute SQL via JdbcTemplate, perform network requests via WebClient, and read/write files via the Java NIO API.
  - Sanitization: Implementation examples include logic for sanitizing SQL queries (restricting to SELECT), normalizing file paths, and validating URL protocols.
Audit Metadata