Forem: Kevin Raposo

If you're using GitHub's new MCP, be careful. A newly discovered vulnerability has some users spooked.

Kevin Raposo — Tue, 27 May 2025 15:48:20 +0000

Kevin Raposo for KnowTechie

May 27 '25

GitHub’s New MCP Can Spill Your Secrets—No Hacking Required

#github #ai #llm #mcp

Comments

2 min read

GitHub’s New MCP Can Spill Your Secrets—No Hacking Required

Kevin Raposo — Tue, 27 May 2025 15:46:59 +0000

GitHub’s Model Context Protocol (MCP) just landed in hot water, thanks to a newly discovered vulnerability that lets attackers trick AI agents into leaking private repository information.

Security researchers Marco Milanta and Luca Beurer-Kellner stumbled on an exploit where an attacker can file a sneaky issue in a public repo.

If a user asks an LLM agent connected to MCP to “check the issues,” the agent follows the attacker’s instructions—like digging into all the user’s private repos—and then exposes that info in a public pull request.

No malware, no brute force, just a well-crafted prompt and a bit of bad architecture.

Here’s the kicker: this isn’t a bug in the code—it’s a design flaw

The holy trinity for prompt injection attacks

According to DevClass, the MCP server gives LLMs access to private data, lets them process attacker-controlled prompts, and allows them to exfiltrate information, all at once.

Security folks are already warning that there’s no obvious fix in sight. The only advice? If you’re using MCP, treat it like a loaded gun around anything private.

The attack doesn’t require elite skills—just a clever issue and a bit of trust in the wrong place (Invariant Labs).

As of now, GitLab hasn’t released an official statement or any mitigation. So if you’re experimenting with MCP, keep your secrets close and your AI agents on a tight leash.

How the Bathroom app offers a real-life solution to a real-world problem

Kevin Raposo — Thu, 20 Jun 2024 01:59:40 +0000

We've all seen the hype around the next big app. But sometimes it's the simple, practical solutions that really shine.

Take the Bathroom App – it tackles a universal problem with elegance and a focus on user needs. The concept is straightforward: find a bathroom near you, fast.

But where it gets smart is in the filtering. It gets that different users have different priorities, so you can dial in by cleanliness, distance, gender, amenities, and more. It's the kind of attention to detail that shows they actually get the use case.

George Costanza would be so proud.

What's interesting from a dev perspective is their data approach. They're not relying on some fancy algorithm or bulk data buy. They're doing manual collection supplemented with public resources, and then layering on user input to keep things fresh.

It's a community-driven model that makes a lot of sense for this type of app. The team behind it seems focused on solving the problem rather than chasing trends.

Via their Product Hunt page:

We can all relate to the struggle to find a bathroom, especially in major cities. Maybe you get lucky and you're near a Starbucks or you find a place that's open to letting you use their bathrooms. But sometimes, you aren't that lucky and you need to go bad...you can't wait...what do you do?

Bathroom App is a crowd-sourced webapp to help people find bathrooms near them that they want to use. We collect details like if the bathroom has tampons/pads, gender neutral, baby changing table, cleanness rating etc.

It's hard enough to find bathrooms, so we should have reliable information around where all the bathrooms are!

There's no flashy marketing, just a solid solution put out there. And you know what? Sometimes that's exactly what the world needs.

So next time you're tempted to build the next viral thing, consider the Bathroom App. It's a great reminder that a simple, well-executed idea can be way more powerful than the latest buzzworthy tech stack.

What do you think? Are apps like these worth making, or are you too serious to be wasting your time on something as silly as a bathroom app? Share your thoughts below in the comments!

Bathroom App

The Bathroom App is a platform to help people find bathrooms they want to use.

bathroom.app

Powerful AI tool Actionize connects GPT to everything

Kevin Raposo — Fri, 05 Apr 2024 16:48:53 +0000

From the creator of notable tools like Chatwith, Spell.so and Gobblebot, indie hacker @rafalzawadzki is at it once again. Today, we spotlight his latest unveiling — Actionize, a powerful AI tool set to change how your GPT communicates… with everything.

Imagine if your GPT could shoot off emails in Gmail, send newsletters with Mailchimp, and dig out info from Google Sheets. It’s not just talk – with Actionize, it’s a reality and can connect your GPT to pretty much anything.

Click here to read about how it works, how much it costs, and more.