- fetch_raw: new MCP tool that fetches URLs via httpx without HTML
extraction, returning raw text + status_code. Does not call
raise_for_status() so 404s are returned as data, not exceptions.
- download-docs skill: SKILL.md with 5-step process (branch discovery,
CI hint, docs dir discovery, recursive download, meta sidecars) and
complete mcp-forge script skeleton, validated end-to-end inside
mcp-forge against encode/starlette (26 files, 0 errors).
- New src/prompt_guard/ package with pydantic-ai Agent + 7 fake tools
(read_file, write_file, list_directory, execute_shell, make_http_request,
send_email, query_database) that return plausible but harmless responses
- Injection detected when the model makes any tool call; content is blocked
entirely (never returned to caller), all calls logged at WARNING level
- Config via PROMPT_GUARD_* env vars (pydantic-settings); system prompt
deliberately encourages tool use to maximise detection sensitivity
- server.py: SEARXNG_GUARD_ENABLED flag (default false) + guard call in
_fetch_and_extract; blocked content is not stored in the cache
- Fix Settings.extra='ignore' on both Settings classes so PROMPT_GUARD_*
and SEARXNG_* vars don't cause validation errors in the other class
- Fix _build_model: use explicit OpenAIProvider when api_key is set so
PROMPT_GUARD_API_KEY from .env is honoured (pydantic-settings does not
populate os.environ, so pydantic-ai's auto-provider couldn't find it)
