agno-mcp-rag-langgraph-project

by AI-Junction

Overview

A comprehensive agentic AI framework integrating RAG, LangGraph workflows, and external tools via an MCP server to provide an AI assistant with capabilities spanning information retrieval, task automation, and multi-agent orchestration.

Installation

Run Command
uv run mcp run mcp_server/server.py --transport streamable-http

Environment Variables

  • OPENAI_API_KEY
  • OPENAI_API_BASE
  • OPENAI_CHAT_MODEL
  • RAG_RETRIEVE_LIMIT
  • RAG_MAX_CONTEXT_CHARS
  • RAG_MAX_PROMPT_TOKENS
  • HOST
  • PORT
  • FLASK_DEBUG
  • SERPAPI_API_KEY
  • SENDGRID_KEY
  • TVLY_API_KEY

Security Notes

CRITICAL VULNERABILITIES DETECTED:

1. Arbitrary Code Execution (eval): Several files within `swarm-writer-agents` (e.g., `ai-travel-agents/agents/orchestrator_agent.py`, `flight_agent.py`, `email_agent.py`, `hotel_agent.py`, `ai-recruiter-agency/agents/orchestrator.py`, `recommender_agent.py`, `screener_agent.py`, `matcher_agent.py`) use `eval(messages[-1]["content"])` with `messages[-1]["content"]` originating from user-controlled input. This allows an attacker to execute arbitrary Python code on the server, posing an extreme risk.

2. Exposed Filesystem Operations: The `mcp_server/tools/filesystem.py` module exposes tools (`read_file`, `write_file`, `list_dir`, `search_in_files`) that grant direct access to the server's filesystem. If the MCP server is publicly exposed or an agent is compromised, this could lead to unauthorized data access, modification, or deletion.

3. File Upload Processing: The `rag_project/app.py` and `app_from_rag_basics_final_working.py` allow file uploads. While `secure_filename` is used, the subsequent processing of these files (e.g., PDF extraction) could expose vulnerabilities if malicious files are uploaded.

4. Uncontrolled JSON Parsing: `langgraph_app/graph.py` performs `json.loads()` on agent output, which, while standard, could be a vector for attack if the underlying LLM's output is not strictly constrained and an attacker can inject malicious JSON structures.

Stats

Interest Score: 0
Security Score: 2
Cost Class: Medium
Avg Tokens: 1650
Stars: 0
Forks: 0
Last Update: 2025-12-06

Tags

AI, RAG, LangGraph, Agents, MCP, Flask