google-adk-python

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Anomaly (LOW)
references/tools-and-mcp-integration.md

The code does not show clear indicators of intentional malware, but it materially increases security exposure by (1) enabling SSRF-capable outbound fetches to arbitrary URLs, (2) persisting/propagating untrusted content through ToolContext artifacts and state, and (3) spawning MCP servers via npx at runtime, which introduces supply-chain/execution-path risk and grants powerful capabilities (filesystem/git/postgres) to an agent. Additionally, inclusion of a built-in code-execution tool could be a critical risk depending on sandboxing and permissions. Overall, treat as a high-capability integration that requires strict input validation, tool permissioning, network egress controls, and dependency pinning/supply-chain protections.

Confidence: 60%
Severity: 66%

Audit Metadata

Analyzed At: Mar 29, 2026, 03:18 AM
Package URL: pkg:socket/skills-sh/hotriluan%2Falkana-dashboard%2Fgoogle-adk-python%2F@bdc7500a3eeda91a127bedf619a18878fb33f9aa