mcp-tasks

The provided source code is truncated and does not include the core Clojure implementation for the MCP server and CLI, limiting a comprehensive security audit. Visible shell scripts appear to follow safe practices, using standard commands for file operations and git. The `web-session-start` script downloads binaries from GitHub releases, a legitimate but inherent risk when executing downloaded code. Prompt templating uses Selmer, which could introduce Server-Side Template Injection (SSTI) vulnerabilities if user-controlled input is unsafely integrated into template contexts. However, the documentation states that variable substitution is 'used internally', suggesting a controlled environment. Without the full Clojure source code that handles prompt rendering and user input processing, it's not possible to definitively rule out templating or other injection risks, hardcoded secrets, or subtle malicious patterns.