qb64pe-mcp-server

**High Risk - Command Injection Vulnerability**: The `compile_and_verify_qb64pe` tool, located in `src/services/compiler-service.ts`, constructs and executes shell commands using user-provided `sourceFilePath`, `qb64pePath`, and `compilerFlags`. Without robust input sanitization, a malicious actor could inject arbitrary commands (e.g., `'; rm -rf /;'`) via these parameters, leading to severe system compromise. **Medium Risk - Arbitrary File Overwrite/Execution**: The `ScreenshotService` uses user-provided `outputPath` directly in shell commands (e.g., `screencapture`). A malicious path could lead to overwriting critical system files or, if combined with other vulnerabilities, lead to command execution. **Local Data Storage**: Session problem logs are stored locally in the user's home directory (`~/.qb64pe-mcp/session-problems`). While local, the content is not controlled and could potentially contain sensitive information or be manipulated by other local processes.