IMCP - Insecure Model Context Protocol

<!-- Use this file to provide workspace-specific custom instructions to Copilot. For more details, visit https://code.visualstudio.com/docs/copilot/copilot-customization#_use-a-githubcopilotinstructionsmd-file --> # Educational MCP Vulnerability Server Instructions This is an educational MCP (Model Context Protocol) server that demonstrates security vulnerabilities for learning purposes. ## Important Notes for Development: - This server contains INTENTIONAL security vulnerabilities for educational purposes - DO NOT use any of these patterns in production code - All vulnerabilities are clearly documented and explained - The purpose is to teach security awareness and prevention ## MCP Development Guidelines: - Use the MCP SDK documentation: https://modelcontextprotocol.io/llms-full.txt - Follow TypeScript best practices for MCP servers - Always validate inputs and sanitize outputs in real applications - Implement proper error handling and logging - Use secure coding practices (opposite of what this educational server demonstrates) ## Security Learning Objectives: - Understand common MCP vulnerabilities - Learn how attacks are executed - Recognize security anti-patterns - Practice secure development techniques - Develop security awareness When working with this codebase: 1. Always remember this is for EDUCATIONAL purposes only 2. Focus on understanding the vulnerability mechanisms 3. Think about how to prevent each demonstrated attack 4. Consider the security implications of each pattern 5. Apply secure coding practices in real projects