/highway-workflow-engine
Edit Issue #353
## Tools Security Review (Issue #353)

### CRITICAL Issues Found and Fixed

- **#354 SSRF in http_request.py** - CLOSED - Added URL validation to block internal IPs

### HIGH Issues Created

- **#355 Mock data in http_request.py** - Lines 146-178 have hardcoded mock data

### MEDIUM Issues Created

- **#356 LLM API keys** - Should use Secret Manager, not just env vars

### Tools Reviewed - PASSED

| Tool | Security | Secrets | Notes |
|------|----------|---------|-------|
| secrets.py | ✓ | ✓ | Excellent - UUID-only lookups, scope verification, audit logging |
| docker/*.py | ✓ | N/A | Good security defaults (cap_drop=ALL, no-new-privileges) |
| approval_tool.py | ✓ | N/A | Good - uses ApprovalService, tenant isolation |
| email_tool.py | ✓ | ✓ | Uses config.get_secret() for SMTP password |
| python_task.py | ✓ | N/A | Zip Slip protection, module scrubbing |
| shell_command.py | ✓ | N/A | By design - executes commands for workflows |
| code_executor.py | ⚠ | N/A | No sandboxing (documented limitation) |
| llm.py | ⚠ | ⚠ | Only Ollama works, API keys from env only |

### Summary

42 built-in tools reviewed. Critical SSRF issue fixed. Two follow-up tickets created.