icore_mcp_server

The `query_athena` tool directly executes SQL statements provided in its arguments on AWS Athena without explicit sanitization or validation beyond basic type checking. This poses a significant SQL injection risk if the invoking AI agent or any upstream client can provide arbitrary or malicious SQL, potentially leading to data exfiltration, modification, or deletion depending on the AWS permissions granted. While AWS credentials can be managed via IAM roles (good practice), the direct execution without input filtering is a critical vulnerability. Additionally, static data files (`tableDescriptions.json`, `columnDescriptions.json`) are loaded using `process.cwd()`, making the server susceptible to misconfiguration if not deployed with the correct working directory. The server does implement basic web security with `helmet`, `express-rate-limit`, and robust error/logging practices.