| AI provider API keys | Exposure via logs, config files, or provider helpers | src/services/ai/providerFactory.ts, env vars |
| File system access | Path traversal, reading outside repo boundaries | src/services/mcp/gateway/explore.ts, readFileTool.ts |
| MCP server stdio | Command injection via tool parameters | src/services/mcp/mcpServer.ts |
| Generated scaffold content | Inclusion of secrets in .context/ output | src/services/ai/tools/, src/services/autoFill/, src/generators/ |
| User repository content | Unintended exposure via exported context | src/services/export/, src/services/sync/ |
| Dependencies | Supply chain vulnerabilities | package.json |