Vibe Coding
Tip: Treat Repo-Shipped MCP Config Files as Untrusted Code
The Amazon Q flaw's builder lesson: any MCP config file shipped inside a cloned repo (.mcp.json, .amazonq/mcp.json) is effectively untrusted code, because agents auto-launch the servers it defines with your full environment — cloud keys, API secrets, SSH agent. Disable auto-start of repo-defined MCP servers, require explicit approval before spawning them, and scope agent credentials so a malicious repo can't ride a live cloud session.
Source
↳ Follow the thread