sqlite-mcp-server

by NANDINIGC22

Overview

Provides a dynamic SQLite database server as an MCP tool, allowing creation, table management, data insertion, and natural language querying of databases.

Installation

Run Command
python server.py

Security Notes

Critical security risks identified in the server and its configuration:

1. Arbitrary file system access: `mcp.json` grants the server full file system access to `C:/`. Combined with the SQL injection issues below, this lets a caller read, write, or delete any file on the drive that the server process can reach, not just the database files it manages.
2. SQL injection (`create_table`): the `columns` parameter is concatenated directly into the `CREATE TABLE` statement without validation, so crafted column names or types inject arbitrary SQL.
3. SQL injection (`insert_records`): the keys of `records` are used as column names and concatenated directly into the `INSERT` statement, so an attacker who controls the record keys controls the query.
4. SQL injection (`prompt_query`): the `table_name` parameter of `nl_to_sql` (called by `prompt_query`) is inserted directly into the `SELECT` query. Since table and column names cannot be passed as bound parameters, this allows arbitrary SQL execution by manipulating the table name.
5. Hardcoded path: `BASE_DIR` is fixed to a Windows path (`C:\AIProjects\MCPPROJECTS`), which is poor practice and makes the server non-portable.

Because identifiers (table and column names) cannot be bound as parameters in SQLite, the fix for items 2 to 4 is to validate every identifier against a strict allow-list pattern and quote it, and to bind all values as parameters.
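The following is an added example (not the sqlite-mcp-server code) showing the concatenation pattern the notes describe next to a hardened version. The function names (`vulnerable_select`, `safe_select`, `safe_insert`, `safe_create_table`) and the sample schema are assumptions for illustration; it runs offline against an in-memory SQLite database.

```python
import re
import sqlite3

# Added example, not the project's own code. Function names, the sample
# tables and the payloads below are constructed for illustration.

# Allow-list for SQL identifiers: leading letter/underscore, then word chars.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")
# Column types a caller may request in create_table.
ALLOWED_TYPES = {"INTEGER", "TEXT", "REAL", "BLOB", "NUMERIC"}


def quote_identifier(name: str) -> str:
    """Identifiers cannot be bound as parameters in SQLite, so validate the
    name against the allow-list and wrap it in double quotes."""
    if not isinstance(name, str) or not IDENT_RE.match(name):
        raise ValueError(f"invalid SQL identifier: {name!r}")
    return f'"{name}"'


def setup_db() -> sqlite3.Connection:
    """Constructed sample database: a 'users' table and a 'secrets' table
    the caller should never be able to read through the users tool."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE secrets (token TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.execute("INSERT INTO secrets VALUES ('s3cr3t')")
    conn.commit()
    return conn


def vulnerable_select(conn, table_name):
    """The pattern the security notes describe: identifier concatenated in."""
    return conn.execute(f"SELECT * FROM {table_name}").fetchall()


def safe_select(conn, table_name):
    """Same query with the identifier validated and quoted."""
    return conn.execute(f"SELECT * FROM {quote_identifier(table_name)}").fetchall()


def safe_insert(conn, table_name, records):
    """Insert a list of dicts: keys validated as identifiers, values bound."""
    if not records:
        return 0
    cols = list(records[0].keys())
    col_sql = ", ".join(quote_identifier(c) for c in cols)
    placeholders = ", ".join("?" for _ in cols)
    sql = (f"INSERT INTO {quote_identifier(table_name)} "
           f"({col_sql}) VALUES ({placeholders})")
    rows = [tuple(r[c] for c in cols) for r in records]
    cur = conn.executemany(sql, rows)
    conn.commit()
    return cur.rowcount


def safe_create_table(conn, table_name, columns):
    """columns: dict of column name -> type; both checked against allow-lists."""
    defs = []
    for name, ctype in columns.items():
        ctype = str(ctype).upper()
        if ctype not in ALLOWED_TYPES:
            raise ValueError(f"disallowed column type: {ctype!r}")
        defs.append(f"{quote_identifier(name)} {ctype}")
    conn.execute(f"CREATE TABLE {quote_identifier(table_name)} ({', '.join(defs)})")
    conn.commit()


def raises_value_error(fn, *args) -> bool:
    """Small helper so callers can check that a payload is rejected."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = setup_db()
    payload = "users UNION SELECT 1, token FROM secrets"
    print("vulnerable:", vulnerable_select(db, payload))   # leaks the token
    print("rejected:", raises_value_error(safe_select, db, payload))
    print("inserted:", safe_insert(db, "users", [{"name": "carol"}]))
```

The allow-list is deliberately stricter than what SQLite accepts as an identifier; a database tool exposed to an LLM caller should reject anything it did not expect rather than try to escape it.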

Stats

Interest Score: 0
Security Score: 1
Cost Class: Low
Stars: 0
Forks: 0
Last Update: 2025-11-19

Tags

SQLite, Database, MCP, FastMCP, Data Management