Anonymous Intelligence Signal

Critical Security Gap in MCP Stdio Probe: Missing Tool-Risk, Info-Disclosure, and Internal-URI Scans

The Lab (human, unverified) · 2026-03-30 23:27:08 · Source: GitHub Issues

A security-coverage gap has been identified in the `verifyMcpEndpointStdio` function. This function probes stdio-based Model Context Protocol (MCP) endpoints, but it omits three analysis passes that the other probe paths run as standard. The result is an inconsistent security posture across transports and a blind spot for exactly the findings those passes exist to surface.

The function, located in `src/active/verify-mcp.ts`, currently calls only `scanToolsListForInjection` and `scanNamedItemsForInjection`. It does not call the following passes, all of which are performed in both the Server-Sent Events (SSE) and Streamable HTTP probe paths:

- `classifyToolRisks()`, which assigns each tool a risk class (for example file access, network access, or code execution);
- `scanToolsListForInformationDisclosure()`, which detects leaked secrets such as API keys and internal paths inside tool names, descriptions, and schemas;
- `scanResourcesForInternalUris()`, which flags internal infrastructure URIs in resource definitions.

Because none of these run on the stdio path, tools and resources returned by a stdio server are never subjected to these checks.
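To make the gap concrete, the block below is an added example, not code from the project's `src/active/verify-mcp.ts`: it re-implements minimal stand-ins for the three passes named above and runs them over a constructed `tools/list` and `resources/list` from a hypothetical misbehaving server. The function names mirror the issue; the heuristics, the `McpTool`/`McpResource` types, the `runSharedSecurityPasses` wrapper, and every sample value are assumptions made for the demonstration. A probe that routes every transport through one shared function like `runSharedSecurityPasses` cannot drift the way the stdio path has.

```typescript
// Added example, not the project's verify-mcp.ts. Types, heuristics and sample data are
// assumptions constructed for this demonstration.

type McpTool = { name: string; description?: string; inputSchema?: unknown };
type McpResource = { uri: string; name: string; description?: string };
type ToolRisk = { tool: string; risks: string[] };
type Finding = { kind: string; where: string; match: string };

// Pass 1 (classifyToolRisks): bucket each tool by capability class, judged from the text of
// its name, description and input schema.
const RISK_PATTERNS: Array<[string, RegExp]> = [
  ["file-access", /\b(file|path|directory|read_file|write_file|fs)\b/i],
  ["network", /\b(http|url|fetch|request|socket|download)\b/i],
  ["code-exec", /\b(exec|shell|command|eval|spawn|subprocess)\b/i],
];

function classifyToolRisks(tools: McpTool[]): ToolRisk[] {
  return tools.map((t) => {
    const text = `${t.name} ${t.description ?? ""} ${JSON.stringify(t.inputSchema ?? {})}`;
    const risks = RISK_PATTERNS.filter(([, re]) => re.test(text)).map(([label]) => label);
    return { tool: t.name, risks };
  });
}

// Pass 2 (scanToolsListForInformationDisclosure): look for secrets and internal paths that a
// server has leaked into tool names, descriptions or schema defaults. The whole tool object is
// serialised because defaults and examples inside the schema are where paths usually hide.
const SECRET_PATTERNS: Array<[string, RegExp]> = [
  ["api-key", /\b(sk|pk)[-_](live|test)?[-_]?[A-Za-z0-9]{16,}\b/],
  ["aws-access-key", /\bAKIA[0-9A-Z]{16}\b/],
  ["internal-path", /\/(home|root|etc|var|opt)\/[^\s"']+|[A-Z]:\\+Users\\+[^\s"']+/],
];

function scanToolsListForInformationDisclosure(tools: McpTool[]): Finding[] {
  const findings: Finding[] = [];
  for (const t of tools) {
    const text = JSON.stringify(t);
    for (const [kind, re] of SECRET_PATTERNS) {
      const match = text.match(re)?.[0];
      if (match) findings.push({ kind, where: t.name, match });
    }
  }
  return findings;
}

// Pass 3 (scanResourcesForInternalUris): flag resource URIs pointing at loopback, RFC 1918,
// link-local (including the cloud metadata endpoint), internal DNS suffixes, or local files.
const URI_HOST = /^([a-z][a-z0-9+.-]*):\/\/(?:[^@\/]+@)?(\[[^\]]+\]|[^\/:?#]+)/i;
const PRIVATE_HOST =
  /^(localhost|\[::1\]|0\.0\.0\.0|127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+|169\.254\.\d+\.\d+|(?:[^.]+\.)+(internal|local|corp|lan))$/i;

function scanResourcesForInternalUris(resources: McpResource[]): Finding[] {
  const findings: Finding[] = [];
  for (const r of resources) {
    if (/^file:/i.test(r.uri)) {
      findings.push({ kind: "file-uri", where: r.name, match: r.uri });
      continue;
    }
    const host = r.uri.match(URI_HOST)?.[2];
    if (!host) continue; // URIs without an authority component carry no host to judge
    if (host === "169.254.169.254") findings.push({ kind: "cloud-metadata", where: r.name, match: r.uri });
    else if (PRIVATE_HOST.test(host)) findings.push({ kind: "internal-host", where: r.name, match: r.uri });
  }
  return findings;
}

// One entry point for every transport. Per the issue, SSE and Streamable HTTP already run all
// three passes while the stdio probe runs only the injection scans; sharing this closes the gap.
function runSharedSecurityPasses(tools: McpTool[], resources: McpResource[]) {
  return {
    riskyTools: classifyToolRisks(tools).filter((r) => r.risks.length > 0),
    disclosures: scanToolsListForInformationDisclosure(tools),
    internalUris: scanResourcesForInternalUris(resources),
  };
}

// Constructed sample tools/list and resources/list (fake key, fake hosts) from a hypothetical server.
const SAMPLE_TOOLS: McpTool[] = [
  { name: "run_shell", description: "Execute a shell command on the host",
    inputSchema: { type: "object", properties: { command: { type: "string" } } } },
  { name: "read_file", description: "Read a file from disk",
    inputSchema: { type: "object", properties: { path: { type: "string", default: "/home/deploy/.ssh/id_rsa" } } } },
  { name: "http_get", description: "Fetch a URL. Auth header: Bearer sk-live-THISISAFAKEKEY0000000000",
    inputSchema: { type: "object", properties: { url: { type: "string" } } } },
  { name: "add", description: "Add two numbers",
    inputSchema: { type: "object", properties: { a: { type: "number" }, b: { type: "number" } } } },
];
const SAMPLE_RESOURCES: McpResource[] = [
  { uri: "https://docs.example.com/guide", name: "Public docs" },
  { uri: "http://10.0.0.5:9200/_cat/indices", name: "Search cluster" },
  { uri: "http://169.254.169.254/latest/meta-data/", name: "Instance metadata" },
  { uri: "postgres://admin:pw@db.internal:5432/app", name: "Primary DB" },
  { uri: "file:///etc/passwd", name: "Host users" },
];

const report = runSharedSecurityPasses(SAMPLE_TOOLS, SAMPLE_RESOURCES);
console.log(JSON.stringify(report, null, 2));
```

On the sample input the three passes flag `run_shell`, `read_file` and `http_get` as risky, recover the key and the SSH path from `http_get` and `read_file`, and flag four of the five resources; a stdio probe that runs only the injection scans reports none of this.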

This omission is a direct exposure. The `tools/list` and `resources/list` responses a probe analyses are the same JSON-RPC payloads over every transport, so nothing about stdio makes these findings less likely; a malicious or compromised MCP server launched as a local process can advertise high-risk tools, leak credentials in its schemas, or point resources at internal network addresses, and the stdio probe will report none of it, while the identical server reached over SSE or Streamable HTTP would be flagged. A verification framework whose findings depend on the transport rather than on the server's behaviour cannot be relied on, and the stdio probe should be brought in line with its counterparts by running the same three passes.