USPTO Final Petition Decisions MCP Server

security-scan.yaml•4.03 kB

name: Security Scanning on: push: branches: [ main, master, develop ] pull_request: branches: [ main, master, develop ] jobs: secret-scan: name: Detect Secrets runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 # Full history for comprehensive scanning - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.11' - name: Install detect-secrets run: | pip install detect-secrets - name: Run detect-secrets scan run: | detect-secrets scan \ --exclude-files 'configs/.*\.json' \ --exclude-files '\.md$' \ --exclude-files 'package-lock\.json' \ --exclude-files '\.lock$' \ --baseline .secrets.baseline - name: Check for secrets in git history (last 100 commits) run: | # Scan recent git history for accidentally committed secrets git log --all --pretty=format: -p -100 | \ detect-secrets scan --stdin \ --exclude-files 'configs/.*\.json' \ --exclude-files '\.md$' || true - name: Security scan summary if: always() run: | echo "✅ Secret scanning complete" echo "If secrets were detected, the job will fail above" echo "To update baseline: detect-secrets scan --baseline .secrets.baseline" prompt-injection-check: name: Prompt Injection Security Scan runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.11' - name: Install uv uses: astral-sh/setup-uv@v3 - name: Install dependencies run: uv sync - name: Run prompt injection detection run: | echo "🔍 Scanning for prompt injection patterns..." echo "Includes detection for Unicode steganography attacks from Repello.ai article" echo "" # Run our custom prompt injection scanner for FPD with comprehensive coverage if uv run python .security/check_prompt_injections.py src/ tests/ *.md *.yml *.yaml *.json *.py; then echo "✅ No prompt injection patterns detected" echo "✅ No Unicode steganography attacks found" echo "✅ System appears secure against known injection techniques" else echo "❌ SECURITY ALERT: Prompt injection patterns detected!" echo "" echo "🚨 CRITICAL: If Unicode steganography was detected, this indicates" echo " potential emoji-based prompt injection attacks as described in:" echo " https://repello.ai/blog/prompt-injection-using-emojis" echo "" echo "These patterns may indicate attempts to:" echo "- 🎯 Override system instructions (ignore previous instructions)" echo "- 🔍 Extract sensitive prompts (show me your instructions)" echo "- 🤖 Change AI behavior (you are now a different AI)" echo "- 🚪 Bypass security controls (admin mode on)" echo "- 📊 Extract USPTO FPD petition data (dump all petitions)" echo "- ⚖️ Manipulate CFR rules (bypass 37 CFR requirements)" echo "- 😊 Social engineering (we became friends)" echo "- 😀 Hide malicious instructions in Unicode characters" echo "" echo "📋 NEXT STEPS:" echo "1. Review the flagged content immediately" echo "2. For Unicode steganography, use a Unicode analyzer to examine invisible characters" echo "3. If legitimate test cases: move to dedicated test files with proper context" echo "4. If malicious: remove immediately and audit access logs" echo "" exit 1 fi

Loading blob content...

Latest Blog Posts

How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP
What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/john-walkoe/uspto_fpd_mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

security-scan.yaml•4.03 kB