How It Works | {q-AI}

What You Can Do

Assess an MCP Server

Scan for vulnerabilities, intercept traffic, test tool trust boundaries. Automated security auditing with OWASP MCP Top 10, MITRE ATLAS, CWE, and OWASP Agentic Top 10 coverage.

Audit findings — command injection, dangerous tool capabilities, OWASP and MITRE framework mappings

Test Document Ingestion

Generate poisoned payloads across 7 formats, deploy to document pipelines, track execution via authenticated callbacks.

IPI workflow — callback URL, format selection, payload style and type, CLI equivalent

Test Context Poisoning

Poison context files targeting 6 coding assistant formats, validate whether models propagate tainted output.

CXP workflow — format selection, repo name, CLI equivalent

Built-in AI Assistant

Get contextual guidance powered by RAG over qai's documentation and your own knowledge base. Interpret scan results, plan testing workflows, and discover capabilities — locally with Ollama or via cloud APIs.

AI assistant chat — interpreting audit findings with OWASP MCP Top 10 mapping

Additional workflows are covered in the documentation.

Install

pip install q-uestionable-ai

Docs GitHub