Area
MCP Evaluators (evaluators/mcp/)
Problem or motivation
MCP servers exposing resources/read may be vulnerable to path traversal attacks that access files outside the intended scope.
Proposed solution
Add evaluator under evaluators/mcp/injection/ that:
- Tests path traversal in resource URIs (e.g.,
../../etc/passwd)
- Covers Windows and Unix path formats
Acceptance criteria
Alternatives considered
No response
Area
MCP Evaluators (
evaluators/mcp/)Problem or motivation
MCP servers exposing
resources/readmay be vulnerable to path traversal attacks that access files outside the intended scope.Proposed solution
Add evaluator under
evaluators/mcp/injection/that:../../etc/passwd)Acceptance criteria
Alternatives considered
No response