mcp-as-a-resume

The Lambda Function URL is configured with 'NONE' authentication, directly exposing the Lambda endpoint to the public internet without inherent AWS IAM protection. While the README mentions CloudFront for HTTPS and global distribution, the provided AWS CDK code (`lib/resume-mcp-stack.ts`) does not provision a CloudFront distribution, implying it must be manually configured or handled by an external stack to add essential security layers (e.g., WAF, rate limiting, DDoS protection) in front of the Lambda. There is no explicit input validation (e.g., length, format) for parameters like `sender_email` or `message` in the `send_email_to_brad` function, which could lead to abuse (e.g., very large messages or malformed emails). Error responses return `str(e)`, which may leak sensitive stack trace information in case of unhandled exceptions.