Security Audit: 2 medium findings (path prefix bypass, silent network isolation fallback)

## AgentAudit Security Report

**Package:** answerlink/MCP-Workspace-Server v0.2.0  
**Risk Score:** 10/100 (safe)  
**Report ID:** [#444](https://www.agentaudit.dev/reports/444)

### Findings

#### 1. Silent fallback disables network isolation for executed code (MEDIUM)
- **File:** `mcp_filesystem/command/executor.py:133`
- **Description:** When unshare is unavailable, network isolation silently falls back to disabled. Executed Python code then has full network access.
- **Remediation:** Fail closed or surface isolation status prominently.

#### 2. Path allowlist uses string prefix check vulnerable to sibling directory bypass (MEDIUM)
- **File:** `mcp_filesystem/security.py:136`
- **Description:** startswith() check without path separator boundary allows sibling directory bypass.
- **Remediation:** Use is_relative_to() or append os.sep before startswith check.

---
*Automated security audit by [AgentAudit](https://www.agentaudit.dev)*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Audit: 2 medium findings (path prefix bypass, silent network isolation fallback) #5

AgentAudit Security Report

Findings

1. Silent fallback disables network isolation for executed code (MEDIUM)

2. Path allowlist uses string prefix check vulnerable to sibling directory bypass (MEDIUM)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Audit: 2 medium findings (path prefix bypass, silent network isolation fallback) #5

Description

AgentAudit Security Report

Findings

1. Silent fallback disables network isolation for executed code (MEDIUM)

2. Path allowlist uses string prefix check vulnerable to sibling directory bypass (MEDIUM)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions