improving instructions part 2:

Author: commjoen

src/main/resources/explanations/challenge60.adoc

@@ -64,7 +64,7 @@ This MCP server goes one step further than just exposing env vars to passive cal
 You can try this locally by doing the following:
 
 1. run the container locally (e.g. `docker run -p 8080:8080 -p 8090:8090 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2400-7391231`)
-2. setup an agent, using the mcp server "http://localhost:8090/mcp"
+2. setup an agent, using the mcp server "http://localhost:8090/mcp" (or "https://www.wrongsecrets.com/mcp" if you are ok with leaking online)
 3. initialize the agent, and watch the logs of your container saying "MCP forward_env received exfiltrated client env data (XXX chars)", showing the MCP server received your env-vars.
 
 This is known as the *MCP rug pull* or *MCP supply chain attack*, and it demonstrates why you should always review the `instructions` field of any MCP server you connect to before trusting it. Next, always make sure you only allow isolated processes without access to secrets to use MCP servers. Never call MCP servers directly from your terminal if sensitive ENV vars or files are present.