mcp

The server's core functionality involves executing external Tenzir binaries and test frameworks (`tenzir` and `tenzir-test`) via `asyncio.create_subprocess_exec`. While arguments are generally passed as a list to mitigate shell injection, the `TENZIR_BINARY` environment variable (if set) determines the executable, posing a risk if configured maliciously (e.g., pointing to a harmful script or containing command separators). User-provided TQL code for `run_pipeline` and `run_test` is executed by this external binary, meaning vulnerabilities could exist within the Tenzir binary or TQL itself when processing untrusted input. Initial bootstrapping of documentation and OCSF schemas involves cloning a Git repository and running `pnpm` commands, requiring external network access and Node.js dependencies, but this occurs in a temporary directory and is not user-controlled at runtime.