This sample shows how to threat model a library API. It applies the "Introduction to Trust" principles to the C# helper functions located at https://modelcontextprotocol.io/quickstart/server as of Apr. 10, 2025 (Internet Archive link).
This sample discusses:
- applying the "Introduction to Trust" guidance to take a structured approach to reasoning about assumptions, inputs, and data flows;
- assessing these in the context of cross-party contract fulfillment;
- applying reasonable beliefs to simplify our threat analysis;