mcp

The project demonstrates robust, defense-in-depth security. It uses direct command execution (not shell) for the Fastly CLI, preventing command injection. Comprehensive input validation blocks shell metacharacters and directory traversal. Dangerous operations (delete, purge, create, update) require explicit `--user-reviewed` human confirmation. Sensitive commands like `auth-token` and `sso` are blocked by default, as are VCL upload/download commands. Optional PII sanitization and token encryption further protect sensitive data in outputs. A critical binary security check ensures the Fastly CLI executable is not compromised (e.g., world-writable permissions, untrusted symlinks). No hardcoded secrets were found; encryption keys are ephemeral. The project explicitly addresses prompt injection. However, like any system interacting with external CLIs and potentially exposing internal systems via HTTP, inherent risks exist if misconfigured or if underlying dependencies have undiscovered vulnerabilities.