Overview
Conduct a formal threat model and attack surface review of OpenContext. As the project moves from beta to broader municipal adoption, understanding the attack surface is critical — especially given the MCP protocol's tool-calling model which exposes civic data APIs to AI assistants.
Goals
- Map the full attack surface: Lambda handler, MCP tool endpoints, plugin layer, Go client, config.yaml
- Identify injection vectors — can a malicious MCP tool call manipulate upstream API queries?
- Review input validation and output sanitization across all three plugins
- Assess risks specific to the fork model — can a misconfigured fork expose sensitive data?
- Produce a threat model document with findings and recommended mitigations
Deliverables
- docs/ on develop branch
Notes
- This is a spike — implementation of mitigations goes in separate issues
- Pay particular attention to SODA3 and ArcGIS REST query parameters as injection vectors
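The note above singles out SODA3 and ArcGIS REST query parameters as the place where a tool-call argument could end up inside an upstream query. The Go program below is an added illustration of the mitigation shape a review would typically recommend; it is not OpenContext code and assumes nothing about its plugins. It builds the `$where` / `where` clause from structured filters only, checks every field name against a schema-derived allowlist (the allowlist, the endpoint URLs and the function names are constructed for this example), quotes values as string literals with embedded quotes doubled, and bounds `$limit`, so a tool call can never supply raw query text.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strconv"
	"strings"
)

// identRe is the shape accepted for dataset field names (assumption: lowercase
// snake_case identifiers up to 64 characters, as SODA and ArcGIS fields commonly are).
var identRe = regexp.MustCompile(`^[a-z][a-z0-9_]{0,63}$`)

// Filter is one equality predicate taken from an MCP tool-call argument.
// Only the value is attacker-influenced free text; the field is validated.
type Filter struct {
	Field string
	Value string
}

// validateField accepts a field only if it is well-formed AND in the allowlist
// for the dataset (hypothetical allowlist; a deployment would derive it from the schema).
func validateField(field string, allowed map[string]bool) error {
	if !identRe.MatchString(field) || !allowed[field] {
		return fmt.Errorf("field %q is not allowed", field)
	}
	return nil
}

// quoteLiteral renders a value as a SoQL/SQL-style string literal: embedded
// single quotes are doubled and control characters are rejected outright.
func quoteLiteral(v string) (string, error) {
	for _, r := range v {
		if r < 0x20 || r == 0x7f {
			return "", errors.New("control character in filter value")
		}
	}
	return "'" + strings.ReplaceAll(v, "'", "''") + "'", nil
}

// buildWhere turns validated filters into "a='x' AND b='y'"; it is the only
// place where clause text is assembled, so there is no raw-text path.
func buildWhere(filters []Filter, allowed map[string]bool) (string, error) {
	var preds []string
	for _, f := range filters {
		if err := validateField(f.Field, allowed); err != nil {
			return "", err
		}
		lit, err := quoteLiteral(f.Value)
		if err != nil {
			return "", err
		}
		preds = append(preds, f.Field+"="+lit)
	}
	return strings.Join(preds, " AND "), nil
}

// BuildSODAQuery produces a SODA3 resource URL with a bounded $limit.
func BuildSODAQuery(base string, filters []Filter, limit int, allowed map[string]bool) (string, error) {
	if limit < 1 || limit > 1000 {
		return "", errors.New("$limit out of range (1..1000)")
	}
	where, err := buildWhere(filters, allowed)
	if err != nil {
		return "", err
	}
	q := url.Values{}
	if where != "" {
		q.Set("$where", where)
	}
	q.Set("$limit", strconv.Itoa(limit))
	return base + "?" + q.Encode(), nil
}

// BuildArcGISQuery produces an ArcGIS REST /query URL; outFields are allowlisted
// too, so a tool call cannot request columns the dataset owner did not expose.
func BuildArcGISQuery(base string, filters []Filter, outFields []string, allowed map[string]bool) (string, error) {
	where, err := buildWhere(filters, allowed)
	if err != nil {
		return "", err
	}
	if where == "" {
		where = "1=1" // ArcGIS convention for "no filter"
	}
	for _, f := range outFields {
		if err := validateField(f, allowed); err != nil {
			return "", err
		}
	}
	q := url.Values{}
	q.Set("where", where)
	q.Set("outFields", strings.Join(outFields, ","))
	q.Set("f", "json")
	q.Set("returnGeometry", "false")
	return base + "?" + q.Encode(), nil
}

func main() {
	// Constructed allowlist and a value shaped like a where-clause break-out attempt.
	allowed := map[string]bool{"status": true, "name": true}
	u, err := BuildSODAQuery("https://data.example.gov/resource/abcd-1234.json",
		[]Filter{{Field: "status", Value: "open' OR 1=1 --"}}, 50, allowed)
	fmt.Println(u, err) // the whole value stays inside one quoted literal
	_, err = BuildSODAQuery("https://data.example.gov/resource/abcd-1234.json",
		[]Filter{{Field: "ssn", Value: "x"}}, 50, allowed)
	fmt.Println(err) // rejected: field not in allowlist
}
```

The point for the review is the shape, not the specific regex: the MCP layer exposes a typed filter structure, the plugin owns the one function that serializes it, and nothing a tool call sends is ever concatenated into query text unquoted.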