codebadger-toolkit

The server processes arbitrary source code for analysis, which is an inherent risk. It utilizes Docker containerization for the Joern analysis engine, providing a layer of isolation. Input validation is present for CPGQL queries (blocking dangerous commands like `System.exit`) and source code paths (preventing traversal). Extensive use of `docker exec` for CPG generation and Joern server management inside the container is a critical component; while paths are constrained to the `/playground` mount, any vulnerability in command construction could be severe. No hardcoded secrets were identified. Overall, the system demonstrates awareness of security implications, but running arbitrary static analysis inherently carries risks.