mcp-hyperautomation

The server's core logic (`server.py`) primarily acts as a proxy, sending requests to external HyperAutomation (HA) agent webhooks and polling Google BigQuery for results. Direct `eval` or `exec` vulnerabilities are not apparent within `server.py`. Input validation at the HA workflow level (checking `action`, `input`, `req_id` types) provides a basic layer of defense. However, the overall security highly depends on: 1. The secure configuration and trustworthiness of the external HyperAutomation platform where agents are deployed. 2. The security of the Google Cloud Platform project and service account credentials used for BigQuery access. 3. Proper handling of user-provided PQL queries to prevent injection if the HA platform doesn't adequately sanitize inputs, though the LLM is instructed on escaping backslashes. 4. Misconfiguration of webhook endpoints could lead to sensitive data exposure or unauthorized actions. Hardcoded BigQuery project/dataset/table IDs in agent JSONs could be a minor concern for flexibility but are overridden by environment variables in the Python server's `google_big_query_client.py`.