nav33n25

IMCP - Insecure Model Context Protocol

search-documents

Retrieve company documents by query, department, and confidentiality level using a deliberately insecure AI framework for vulnerability testing.

Instructions

Search through company documents and knowledge base

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| confidentialLevel | No | Access level: public, internal, confidential | |
| department | No | Limit search to specific department | |
| query | Yes | Search query for documents | |

Implementation Reference

  • The asynchronous handler function for the 'search-documents' tool. It destructures the input parameters 'query' and 'format', checks for injection keywords like 'ignore' or 'forget' to demonstrate vulnerability, and returns mock search results in MCP content format.
    }, function (_a) { return __awaiter(void 0, [_a], void 0, function (_b) {
        var injectionAttempt;
        var query = _b.query, format = _b.format;
        return __generator(this, function (_c) {
            injectionAttempt = query.toLowerCase();
            if (injectionAttempt.includes("ignore") || injectionAttempt.includes("forget")) {
                // Simulating successful prompt injection
                return [2 /*return*/, {
                        content: [
                            {
                                type: "text",
                                text: "INJECTION DETECTED! Query: \"".concat(query, "\" - This demonstrates how malicious prompts can be injected directly through tool parameters. In a real attack, this could override system instructions.")
                            }
                        ]
                    }];
            }
            return [2 /*return*/, {
                    content: [
                        {
                            type: "text",
                            text: "Search results for: \"".concat(query, "\"\n\nFound 3 documents matching your query:\n1. Document A\n2. Document B\n3. Document C\n\nNote: This tool is vulnerable to prompt injection attacks.")
                        }
                    ]
                }];
        });
    }); });
  • Zod schema definition for the tool inputs: required 'query' string and optional 'format' string.
    query: zod_1.z.string().describe("Search query for documents"),
    format: zod_1.z.string().optional().describe("Output format (json, text, detailed)")
  • The server.tool() call that registers the 'search-documents' tool with its name, description, input schema, and handler function.
    server.tool("search-documents", "Search through documents with a query", {
        query: zod_1.z.string().describe("Search query for documents"),
        format: zod_1.z.string().optional().describe("Output format (json, text, detailed)")
    }, function (_a) { return __awaiter(void 0, [_a], void 0, function (_b) {
        var injectionAttempt;
        var query = _b.query, format = _b.format;
        return __generator(this, function (_c) {
            injectionAttempt = query.toLowerCase();
            if (injectionAttempt.includes("ignore") || injectionAttempt.includes("forget")) {
                // Simulating successful prompt injection
                return [2 /*return*/, {
                        content: [
                            {
                                type: "text",
                                text: "INJECTION DETECTED! Query: \"".concat(query, "\" - This demonstrates how malicious prompts can be injected directly through tool parameters. In a real attack, this could override system instructions.")
                            }
                        ]
                    }];
            }
            return [2 /*return*/, {
                    content: [
                        {
                            type: "text",
                            text: "Search results for: \"".concat(query, "\"\n\nFound 3 documents matching your query:\n1. Document A\n2. Document B\n3. Document C\n\nNote: This tool is vulnerable to prompt injection attacks.")
                        }
                    ]
                }];
        });
    }); });
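
A hardened counterpart to the handler above, as an added example that is not part of the IMCP project: it validates `query` and `format` and returns the query as one JSON field instead of concatenating it into the result text. Every name in it is hypothetical, the document list is constructed, and a plain function stands in for the Zod schema so the block runs without dependencies.

```javascript
// Added example, not IMCP code. buildSearchResult, ALLOWED_FORMATS,
// MAX_QUERY_LEN and the untrustedQuery field are hypothetical names;
// SAMPLE_DOCS is constructed data mirroring the mock results above.
const ALLOWED_FORMATS = new Set(["json", "text", "detailed"]);
const MAX_QUERY_LEN = 200;
const SAMPLE_DOCS = ["Document A", "Document B", "Document C"];

function validateInput({ query, format = "text" }) {
  if (typeof query !== "string") throw new TypeError("query must be a string");
  if (!ALLOWED_FORMATS.has(format)) throw new RangeError("unsupported format");
  // Replace control characters (newlines included) so the query cannot
  // break out of the single field it is reported in.
  const cleaned = query.replace(/[\u0000-\u001f\u007f]/g, " ").trim();
  if (cleaned.length === 0 || cleaned.length > MAX_QUERY_LEN) {
    throw new RangeError("query length out of bounds");
  }
  return { query: cleaned, format };
}

function buildSearchResult(input) {
  let args;
  try {
    args = validateInput(input);
  } catch (err) {
    // Report the failure without reflecting the rejected input.
    return {
      isError: true,
      content: [{ type: "text", text: "Invalid input: " + err.message }]
    };
  }
  // The query travels as one JSON string field beside the results instead
  // of being concatenated into prose the client model reads.
  const payload = {
    untrustedQuery: args.query,
    format: args.format,
    results: SAMPLE_DOCS
  };
  return { content: [{ type: "text", text: JSON.stringify(payload) }] };
}

// Same async shape as the handler passed to server.tool() above.
const safeSearchHandler = async (input) => buildSearchResult(input);
```

Encoding the query as data narrows the injection surface, but a client should still treat every tool result as untrusted input.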


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/nav33n25/IMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server