#353 Security & Implementation Review: Built-in Tools
Description
## Tools Security Review (Issue #353)
### CRITICAL Issues Found and Fixed
- **#354 SSRF in http_request.py** - CLOSED - Added URL validation to block internal IPs
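The kind of check #354 describes, as an added example written for this review and not the project's `http_request.py`: it restricts the scheme, resolves the hostname, and rejects any URL whose host resolves to a non-public address (loopback, RFC 1918, link-local including the 169.254.169.254 cloud metadata endpoint, 0.0.0.0, and IPv4-mapped IPv6 such as `::ffff:127.0.0.1`). The `resolver` parameter, the `SSRFBlocked` exception, and the `validate_outbound_url` / `url_is_allowed` names are illustrative assumptions, not the project's API.

```python
"""SSRF guard for outbound HTTP requests.

Added example for the #354 discussion; not the project's http_request.py.
Function names, the SSRFBlocked exception and the pluggable resolver are
assumptions made for illustration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class SSRFBlocked(ValueError):
    """Raised when a URL targets an address the server must not reach."""


def is_blocked_address(addr: str) -> bool:
    """True if the IP literal `addr` must not be contacted.

    Everything that is not globally routable is blocked: RFC 1918 space,
    loopback, link-local (covers 169.254.169.254), 0.0.0.0, multicast,
    reserved and documentation ranges. IPv4-mapped IPv6 addresses are
    unwrapped first so ::ffff:127.0.0.1 is judged as 127.0.0.1.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def _default_resolver(host: str) -> list[str]:
    """Return every A/AAAA answer for `host`; drops scope ids like %eth0."""
    return sorted({info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)})


def validate_outbound_url(url: str, resolver=_default_resolver) -> tuple[str, list[str]]:
    """Return (hostname, vetted_ips) for a URL that is safe to fetch, else raise.

    Every resolved address is checked, not just the first: a name with one
    public and one private answer is rejected, because the HTTP client may
    connect to either. Odd literal encodings (0x7f.1, 2130706433) are not
    string-matched; whatever the resolver turns them into is what gets checked.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lowercased, brackets stripped, userinfo removed
    if not host:
        raise SSRFBlocked("URL has no host")
    host = host.rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        raise SSRFBlocked("localhost is not allowed")
    try:
        ips = [str(ipaddress.ip_address(host))]  # IP literal, no DNS needed
    except ValueError:
        try:
            ips = resolver(host)
        except socket.gaierror as exc:
            raise SSRFBlocked(f"cannot resolve {host!r}: {exc}") from exc
    if not ips:
        raise SSRFBlocked(f"no addresses for {host!r}")
    for ip in ips:
        if is_blocked_address(ip):
            raise SSRFBlocked(f"{host!r} resolves to non-public address {ip}")
    return host, ips


def url_is_allowed(url: str, resolver=_default_resolver) -> bool:
    """Boolean wrapper around validate_outbound_url for callers that just gate."""
    try:
        validate_outbound_url(url, resolver)
    except SSRFBlocked:
        return False
    return True
```

Two gaps remain that no URL validator closes on its own, regardless of how the project's fix is implemented: the HTTP client may re-resolve the name after the check (DNS rebinding), so the vetted IP should be pinned when connecting or the check repeated against the address actually used; and a public host can redirect to an internal one, so redirects must either not be followed automatically or each `Location` must go through the same validation.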
### HIGH Issues Created
- **#355 Mock data in http_request.py** - Lines 146-178 have hardcoded mock data
### MEDIUM Issues Created
- **#356 LLM API keys** - Should use Secret Manager, not just env vars
### Tools Reviewed - PASSED
| Tool | Security | Secrets | Notes |
|------|----------|---------|-------|
| secrets.py | ✓ | ✓ | Excellent - UUID-only lookups, scope verification, audit logging |
| docker/*.py | ✓ | N/A | Good security defaults (cap_drop=ALL, no-new-privileges) |
| approval_tool.py | ✓ | N/A | Good - uses ApprovalService, tenant isolation |
| email_tool.py | ✓ | ✓ | Uses config.get_secret() for SMTP password |
| python_task.py | ✓ | N/A | Zip Slip protection, module scrubbing |
| shell_command.py | ✓ | N/A | By design - executes commands for workflows |
| code_executor.py | ⚠ | N/A | No sandboxing (documented limitation) |
| llm.py | ⚠ | ⚠ | Only Ollama works, API keys from env only |
### Summary
42 built-in tools reviewed. Critical SSRF issue fixed. Two follow-up tickets created.