mcp: extend documentation and clarify threat model

Signed-off-by: David Korczynski <david@adalogics.com>

Author: DavidKorczynski

infra/experimental/mcp/README.md

@@ -1,5 +1,22 @@
 # OSS-Fuzz MCP
 
+This is an experimental implementation of an MCP server that enables use of
+OSS-Fuzz tools. You can use it to solve various common OSS-Fuzz tasks.
+
+At this stage, this is purely experimental code.
+
+
+## Threat model for running locally
+
+This is experimental code and has an open threat model. Running this tool, you
+should assume you will be running untrusted code on our machine. You should
+only run this in a trusted environment, including the network. In practice,
+this means you must run this in a heavily sandboxed environment, and from a
+security perspective if you run this tool you will run untrusted code on
+your environment.
+
+
+## Running the Service
 
 ```sh
 python3.12 -m venv .venv