v0.2.0 · live
CAPFRAME
← leaderboard/rank #52
§ serverhttpfindings.v2

GitMCP

https://gitmcp.io/docs

github.com/idosal/git-mcp

Score
B90
Findings
5
Tools
5
Last scan
2026-06-05

Severity breakdown

Critical0
High0
Medium5
Low0
Info0

Worst finding

Tool `match_common_libs_owner_repo_mapping` accepts unconstrained string input

· match_common_libs_owner_repo_mapping

The following string parameter(s) have no `maxLength` constraint: `library`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

All 5 findings

  1. medium
    Tool `match_common_libs_owner_repo_mapping` accepts unconstrained string input· match_common_libs_owner_repo_mappingunconstrained input

    The following string parameter(s) have no `maxLength` constraint: `library`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

  2. medium
    Tool `fetch_generic_documentation` accepts unconstrained string input· fetch_generic_documentationunconstrained input

    The following string parameter(s) have no `maxLength` constraint: `owner`, `repo`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

  3. medium
    Tool `search_generic_documentation` accepts unconstrained string input· search_generic_documentationunconstrained input

    The following string parameter(s) have no `maxLength` constraint: `owner`, `query`, `repo`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

  4. medium
    Tool `search_generic_code` accepts unconstrained string input· search_generic_codeunconstrained input

    The following string parameter(s) have no `maxLength` constraint: `owner`, `query`, `repo`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

  5. medium
    Tool `fetch_generic_url_content` accepts unconstrained string input· fetch_generic_url_contentunconstrained input

    The following string parameter(s) have no `maxLength` constraint: `url`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

How this was scored

Source http live HTTP MCP endpoint, classified against every rule. Findings are emitted by the public capframe.findings.v1 schema. Score = 100 − (10·Critical + 4·High + 2·Medium + 1·Low), clamped to [0, 100].

Disagree with a finding? Open an issue.