Each finding names the rule it triggered, what that rule means, its CWE reference, and the line of code it points at. An observed code path, published as a flow, never as intent.
HighMCP-SSRF-USER-CONTROLLED-URL
an HTTP request (incl. wrapped local fetch helpers) targets a host derived from tool input with no allowlist
🔁 Verify it yourself: clone microsoft/markitdown at e144e0a2be95 and run the open scanner (anwen-labs/sentinel-mcp, ruleset pack-mcp-core@0.1.0). Same input → same grade, every time.