AgentMCP_V1

by anillibra

Overview

Orchestrates a multi-agent system in ADK, enabling an LLM agent to utilize specialized Microservice Communication Protocol (MCP) servers for tasks like mathematics, SQLite database operations, and Pinecone search indexing.

Installation

Run Command
uv run 2-streamable-http-mcp-server-multi-agent/main.py

Environment Variables

  • GOOGLE_API_KEY
  • mcp_server_list
  • PINECONE_API_KEY

Security Notes

CRITICAL security risks identified:

1. **SQL Injection Vulnerability:** The `sqllite_mcp_server.py` directly executes user-provided SQL queries via `cursor.execute(query)` in both `run_query` and `execute` tools. This allows any malicious user input to read, modify, or delete database contents, or even execute arbitrary system commands if the database user has sufficient privileges.
2. **Hardcoded API Key:** The `PINECONE_API_KEY` is hardcoded directly in `searchindex_mcp_server.py`, which is a severe security risk. This key should always be loaded from environment variables or a secure secret management system.
3. **Local Server Exposure Risk:** While servers run on `localhost`, if these ports (6000, 6001, 6002) were exposed externally (e.g., via a firewall rule or port forwarding), the SQL injection vulnerabilities and access to Pinecone could be exploited by external attackers.

Stats

  • Interest Score: 0
  • Security Score: 1
  • Cost Class: Low
  • Avg Tokens: 200
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-11-22

Tags

  • Multi-agent
  • ADK
  • LLM
  • MCP
  • Tools