
homebrew-age-mcp-server

by rioriost

Overview

This server provides a tool interface for Large Language Models (LLMs) to interact with and manage graph data stored in Apache AGE on Azure Database for PostgreSQL through Cypher queries, enabling natural language data exploration and manipulation.

Installation

Run Command
age-mcp-server --pg-con-str "host=your_server.postgres.database.azure.com port=5432 dbname=postgres user=your_username password=your_password"

Environment Variables

  • PG_CONNECTION_STRING
  • PGPASSWORD

Security Notes

The server is vulnerable to SQL injection through the 'graph_name' parameter in multiple tools (e.g., 'create-age-graph', 'drop-age-graph', 'get-age-schema', 'read-age-cypher', and 'write-age-cypher'). The 'graph_name' argument, which originates from user/LLM input, is inserted directly into SQL queries using f-strings or string formatting (e.g., `SELECT create_graph('{}')` or `cypher('{graph_name}', $$...$$)`), with no sanitization and no parameterized query for this argument. A malicious 'graph_name' value (e.g., `my_graph'); DROP TABLE important_data; --`) can therefore execute arbitrary SQL commands, potentially leading to data loss, unauthorized access, or database corruption. The server does include checks for Cypher-level write operations and uses parameterized Cypher queries, but these do not mitigate the SQL injection through the 'graph_name' argument. The use of `subprocess.check_output` for Azure CLI token retrieval is a legitimate pattern, but executing external commands always carries a minimal inherent risk.
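
The pattern described above next to a hardened form, as an added example (not the project's own code). The function names, the allowlist regex, the psycopg-style `%s` placeholder and the assumption that the `cypher()` graph name has to be embedded as a literal are all assumptions made for illustration.

```python
import re

# Assumption: conservative allowlist for graph names (letters, digits and
# underscore, not starting with a digit, at most 63 characters).
GRAPH_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")

# The malicious graph_name quoted in the note above.
PAYLOAD = "my_graph'); DROP TABLE important_data; --"


def vulnerable_create_graph(graph_name):
    """Vulnerable pattern from the note: the argument is formatted into SQL."""
    return "SELECT create_graph('{}')".format(graph_name)


def validate_graph_name(graph_name):
    """Return graph_name unchanged if it matches the allowlist, else raise."""
    if not isinstance(graph_name, str) or not GRAPH_NAME_RE.fullmatch(graph_name):
        raise ValueError("rejected graph_name: {!r}".format(graph_name))
    return graph_name


def safe_create_graph(graph_name):
    """Hardened form: (sql, params) pair, the name goes in as a bound value."""
    return "SELECT create_graph(%s)", (validate_graph_name(graph_name),)


def safe_cypher_call(graph_name, cypher_query):
    """Hardened cypher() wrapper for the case where the name must be a literal."""
    name = validate_graph_name(graph_name)  # only allowlisted text is embedded
    if "$$" in cypher_query:  # would close the dollar-quoted Cypher body early
        raise ValueError("cypher_query must not contain '$$'")
    return "SELECT * FROM cypher('{}', $$ {} $$) AS (result agtype)".format(
        name, cypher_query)


if __name__ == "__main__":
    print(vulnerable_create_graph(PAYLOAD))   # statement is split by the payload
    print(safe_create_graph("my_graph"))
    try:
        safe_create_graph(PAYLOAD)
    except ValueError as exc:
        print(exc)
```

The validation runs at the tool boundary, so every tool that accepts 'graph_name' can share the same check before any SQL text is built.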

Stats

  • Interest Score: 33
  • Security Score: 3
  • Cost Class: Medium
  • Avg Tokens: 750
  • Stars: 3
  • Forks: 5
  • Last Update: 2026-01-18

Tags

  • Graph Database
  • Apache AGE
  • PostgreSQL
  • AI Agent
  • LLM Tooling