openapi2mcp

Verified Safe

by cosmonic-labs

Overview

Generates Model Context Protocol (MCP) server tools (TypeScript code) from an OpenAPI specification.

Installation

Run Command
wash openapi2mcp [path/to/open/yaml/or/json] --project-path [path/to/generated/mcp/server]

Environment Variables

  • INPUT_FILE
  • PROJECT_PATH
  • HOME

Security Notes

The tool processes OpenAPI specifications and generates TypeScript code. It uses `wash`'s `host_exec` to interact with the filesystem (copying files to and from a sandbox) and to execute other commands such as `wash build` or `npx`. While the generation process itself is sandboxed in WASI, the plugin performs file operations (copying a user's project into a sandbox and copying the generated code back) and executes build commands on the host machine. If `project_path` or `openapi_path` is manipulated to point to sensitive system directories, or if the input contains malicious content (e.g., an OpenAPI definition that causes malicious scripts to appear in the generated `package.json`), this could lead to unintended consequences when `wash build` or other tools are run on the generated project. However, direct shell injection through path arguments to `host_exec` is mitigated by passing arguments as a list of strings. The core Rust generator code does not use `eval` or obvious obfuscation, nor does it contain hardcoded secrets. The primary risk lies in how the user handles the generated TypeScript code downstream, and in the implicit trust placed in the `project_path` where generated files are written.

Stats

  • Interest Score: 32
  • Security Score: 7
  • Cost Class: Low
  • Stars: 2
  • Forks: 1
  • Last Update: 2025-12-10

Tags

OpenAPI, Code Generation, Wasm, MCP, Developer Tool