
MCP Breach-to-Fix Labs – 9 Dockerized Agent Exploits (RCE, Injection)

https://github.com/PawelKozy/mcp-breach-to-fix-labs
1•PawelKozy•2mo ago

Comments

PawelKozy•2mo ago
OP here.

With the release of Anthropic's MCP, I realized we are effectively creating API endpoints that accept natural language as input, but I couldn't find many practical resources on the security implications.

I built this repo to move beyond theory. It contains 9 Dockerized labs covering vulnerabilities I’ve seen in the wild, including:

- Indirect Prompt Injection (via GitHub Issues)
- Tool Output Poisoning (The 'Rug Pull')
- Filesystem Traversal (CVE-2025-53110)

Each lab has a 'Vulnerable' and 'Secure' implementation so you can diff the code to see the fix.

I wrote a longer breakdown of the philosophy here if interested: https://medium.com/@kozielpawe/when-agents-get-tools-10-mcp-...

Happy to answer questions about agent security.
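As an added illustration of the vulnerable/secure split the labs use, here is a Python sketch of a filesystem-traversal check for an MCP-style read_file tool. This is example code written for this page, not code from the repo; the sandbox root, the tool name and the sample requests are assumed.

```python
import os

# Constructed sandbox root for the demo; a real MCP server would take it from config.
SANDBOX_ROOT = "/srv/mcp_demo_root"


def resolve_vulnerable(requested: str, root: str = SANDBOX_ROOT) -> str:
    """Vulnerable variant: trusts the model-supplied path.

    os.path.join drops the root entirely when the argument is absolute, and
    '..' segments are honoured, so both "/etc/passwd" and "../../etc/passwd"
    land outside the sandbox. Nothing here checks where the path ended up.
    """
    return os.path.normpath(os.path.join(root, requested))


def resolve_secure(requested: str, root: str = SANDBOX_ROOT) -> str:
    """Hardened variant: canonicalise, then prove containment before use.

    Absolute requests are refused outright. realpath collapses '..' and follows
    symlinks; the commonpath test then requires the result to sit at or below
    the root, which also defeats sibling-prefix tricks like "../mcp_demo_root2".
    """
    if os.path.isabs(requested):
        raise PermissionError(f"absolute paths are not allowed: {requested!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"path escapes sandbox: {requested!r}")
    return candidate


def is_allowed(requested: str, root: str = SANDBOX_ROOT) -> bool:
    """Policy decision only, for tests and logging: would the secure resolver accept it?"""
    try:
        resolve_secure(requested, root)
        return True
    except PermissionError:
        return False


def read_file_tool(requested: str, root: str = SANDBOX_ROOT) -> str:
    """Shape of the secure-side MCP tool handler: resolve, then open only the vetted path."""
    with open(resolve_secure(requested, root), "r", encoding="utf-8") as fh:
        return fh.read()


if __name__ == "__main__":
    for req in ["notes/readme.txt", "../../etc/passwd", "/etc/passwd", "../mcp_demo_root2/x"]:
        print(f"{req!r}: vulnerable -> {resolve_vulnerable(req)}, secure allows -> {is_allowed(req)}")
```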