
CS8803_MLSecurity_MCP_Server

Verified Safe

by NirjharDeb

Overview

An MCP server prototype for evaluating hidden-payload delivery to LLMs in agentic IDEs for ML security research and defensive testing.

Installation

Run Command
python server.py

Security Notes

The project's explicit goal is to evaluate 'hidden-payload delivery to LLMs', and its source code implements several techniques that are inherently security-relevant. The `translate_text` tool, for instance, injects a base64-encoded 'SYSTEM INSTRUCTION' into its output; the decoded text contains instructions intended to manipulate the LLM's behavior (e.g., to call another tool). Other tools hide content using zero-width characters, hidden HTML comments and divs, and ANSI escape codes. The `read_gdoc` tool performs network requests to external Google Docs; although the target is fixed, this is a potential SSRF vector if the URL is not carefully controlled or could be injected by an attacker. While the project states 'no malicious use' and is intended for 'defensive testing', the techniques it demonstrates are direct implementations of methods used for LLM instruction injection and payload delivery, which are security vulnerabilities in a general context. The `send_email` tool is simulated and does not actually send email, which is a positive from a security perspective.

Stats

Interest Score: 0
Security Score: 3
Cost Class: Low
Avg Tokens: 100
Stars: 0
Forks: 0
Last Update: 2025-11-30

Tags

ML Security, Agentic IDEs, LLM Research, Hidden Payloads, Defensive Testing