[Safe Outputs Conformance] SEC-004: Three MCP infrastructure handlers missing content sanitization #26948

@github-actions

Conformance Check Failure

Check ID: SEC-004
Severity: MEDIUM
Category: Security — Content Sanitization Required

Problem Description

The SEC-004 conformance check requires that any handler containing a body field also includes a recognized sanitization function (sanitize, stripHTML, escapeMarkdown, or cleanContent). Three MCP infrastructure files fail this check because their body references (HTTP request/response bodies for JSON-RPC communication) are not accompanied by any content sanitization logic, even though they process externally-sourced content before it reaches downstream consumers.

Affected Components

  • actions/setup/js/mcp_cli_bridge.cjs — HTTP POST helper with body field; formats and outputs MCP tool responses to stdout
  • actions/setup/js/mount_mcp_as_cli.cjs — HTTP POST helper with body field; relays MCP server responses to the CLI caller
  • actions/setup/js/start_mcp_gateway.cjs — HTTP GET helper with body field; reads MCP gateway health responses

Current vs Expected Behavior

Current Behavior

Each file defines an HTTP helper that reads a response body from an MCP server and either surfaces it directly to stdout or passes it on to callers. None of the files call a sanitization helper before the content is forwarded.

Relevant grep evidence from the conformance checker:

actions/setup/js/mcp_cli_bridge.cjs  — grep "body" matches; grep "sanitize|stripHTML|escapeMarkdown|cleanContent" → no match
actions/setup/js/mount_mcp_as_cli.cjs — same result
actions/setup/js/start_mcp_gateway.cjs — same result

Expected Behavior

Per the Safe Outputs Specification (SEC-004), handlers that receive or forward body content must sanitize it using one of the standard helpers before surfacing it to callers or writing it to outputs. Even when the body is a JSON-RPC payload (not a Markdown document), a sanitization pass guards against unexpected control characters, injection payloads embedded in tool responses, and accidental Markdown rendering in downstream consumers.

Remediation Steps

This task can be assigned to a Copilot coding agent with the following steps:

  1. Evaluate exemption eligibility: Determine whether these infrastructure files genuinely need to sanitize HTTP bodies or whether they qualify for a @safe-outputs-exempt SEC-004 annotation (if the spec supports it). If the body is strictly a JSON-RPC envelope that is never rendered as Markdown, document the exemption inline.

  2. Add sanitization (if not exempt): Import or inline a sanitizeContent helper (consistent with the pattern used by compliant handlers) and apply it before forwarding body content:

    // Example: strip control characters from externally-sourced MCP response body
    function sanitizeContent(str) {
      return typeof str === "string" ? str.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "") : str;
    }

  3. Apply consistently: In each affected file, wrap the point where body content is first consumed or forwarded through the sanitization helper. Note that a JSON-RPC body on the wire must encode U+0000 through U+001F as \uXXXX escape sequences (RFC 8259), so those characters only exist in decoded form after JSON.parse; apply the helper to the decoded string values that are written to stdout or handed to callers, not only to the raw response text.

  4. Alternatively, add exemption annotations if these are purely transport-layer files that never produce safe outputs:

    // `@safe-outputs-exempt` SEC-004 — body is a JSON-RPC envelope, not rendered content

    Then update scripts/check-safe-outputs-conformance.sh to honour the @safe-outputs-exempt SEC-004 annotation (mirroring the existing SEC-005 exemption pattern at line ~55).
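The following is an added example of steps 2 and 3 applied to a JSON-RPC response body; it is not code from the affected files or from the project. The helper names (sanitizeDeep, sanitizeJsonRpcBody, formatToolResponse) and the sample response body are constructed for illustration. It reuses the control-character filter from step 2, walks the parsed envelope so every string leaf is cleaned, and shows why the filter has to run after JSON.parse: an ESC encoded as \u001b in the wire format is six printable characters, so a regex pass over the raw body leaves it in place and it reappears when the body is decoded.

```javascript
// Added example (not the project's code): sanitize a decoded JSON-RPC response
// before surfacing it to stdout. Names other than sanitizeContent are assumptions.

// Same filter the issue proposes: keep \t, \n and \r, drop the rest of C0 plus DEL.
const CONTROL_CHARS = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g;

function sanitizeContent(str) {
  return typeof str === "string" ? str.replace(CONTROL_CHARS, "") : str;
}

// Walk a parsed JSON value and sanitize every string leaf; keys are left as-is.
function sanitizeDeep(value) {
  if (typeof value === "string") return sanitizeContent(value);
  if (Array.isArray(value)) return value.map(sanitizeDeep);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = sanitizeDeep(v);
    return out;
  }
  return value;
}

// Parse a raw HTTP response body and return the sanitized JSON-RPC envelope.
// Malformed bodies become a JSON-RPC parse error object instead of being echoed
// back, so attacker-controlled text never reaches stdout verbatim.
function sanitizeJsonRpcBody(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (err) {
    return { jsonrpc: "2.0", id: null, error: { code: -32700, message: "Parse error" } };
  }
  return sanitizeDeep(parsed);
}

// Constructed sample: a tool result whose text smuggles an ANSI colour escape
// (ESC [31m), a NUL and a DEL. On the wire ESC and NUL are JSON-escaped; DEL is raw,
// which JSON permits (only U+0000..U+001F must be escaped).
const SAMPLE_BODY =
  '{"jsonrpc":"2.0","id":7,"result":{"content":[{"type":"text","text":"ok\\u001b[31m ALERT\\u0000 done\x7f"}]}}';

// What a CLI bridge would print for the response: sanitized text, or the error.
function formatToolResponse(rawBody) {
  const env = sanitizeJsonRpcBody(rawBody);
  if (env.error) return `error ${env.error.code}: ${env.error.message}`;
  return env.result.content.map((c) => c.text).join("\n");
}

// Demonstrates the caveat: sanitizing the raw JSON text strips the raw DEL but not
// the escaped ESC, so the decoded text still carries \x1b.
function rawSanitizeKeepsEscapedEsc(rawBody) {
  return JSON.parse(sanitizeContent(rawBody)).result.content[0].text.includes("\x1b");
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(formatToolResponse(SAMPLE_BODY)); // ok[31m ALERT done
  console.log(rawSanitizeKeepsEscapedEsc(SAMPLE_BODY)); // true
}
```

Stripping only the ESC byte leaves the remainder of the escape sequence ("[31m") as visible text, which is the intended outcome: the terminal no longer interprets it, and nothing the server sent is silently dropped beyond the control bytes themselves.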

Verification

After remediation, verify the fix by running:

bash scripts/check-safe-outputs-conformance.sh

The check SEC-004 should pass without MEDIUM failures for these three files.

References

  • Safe Outputs Specification: docs/src/content/docs/reference/safe-outputs-specification.md
  • Conformance Checker: scripts/check-safe-outputs-conformance.sh
  • Run ID: §24588644003
  • Date: 2026-04-17

Generated by Daily Safe Outputs Conformance Checker · expires on Apr 18, 2026, 10:07 PM UTC