Use python3 as the canonical command name course-wide (#104) (#105)
CI / check (push) Successful in 7s
Sync course wiki / sync-wiki (push) Successful in 4s

This commit was merged in pull request #105.
This commit is contained in:
2026-06-23 20:25:05 -04:00
parent 7f439212ac
commit 95e5911957
102 changed files with 380 additions and 378 deletions
@@ -265,14 +265,14 @@ normal question) and the attacker (you plant content the agent reads).
```bash
cd ~/ai-workflow-course/tasks-app
python cli.py add "$(cat ~/ai-workflow-course/modules/22-securing-third-party-mcp-and-skills/lab/poisoned-task.txt)"
python cli.py list
python3 cli.py add "$(cat ~/ai-workflow-course/modules/22-securing-third-party-mcp-and-skills/lab/poisoned-task.txt)"
python3 cli.py list
```
`poisoned-task.txt` contains a normal-looking task followed by an injected instruction (a fake
"system" directive telling the assistant to reveal local secrets / run a command and hide it).
2. **Be the victim.** Paste the full output of `python cli.py list` into your agent's chat (Claude
2. **Be the victim.** Paste the full output of `python3 cli.py list` into your agent's chat (Claude
Code in these examples; sub your own) and ask the thing you'd actually ask: *"Here's my task list,
summarize what's pending and tell me what to
work on first."* Watch what happens. Depending on the model, it may flag the injection, or it may
@@ -303,7 +303,7 @@ normal question) and the attacker (you plant content the agent reads).
```bash
# the "tool" the agent is allowed to call in read-only mode
python cli.py list # works
python3 cli.py list # works
# the tool it is NOT exposed (a write); in a least-privilege setup this path is simply absent
```
@@ -21,7 +21,7 @@ Set your Notion token and run the sync:
```
export NOTION_TOKEN="secret_..."
python tools/sync.py
python3 tools/sync.py
```
## Usage notes for the AI assistant