Comment by lyu07282
That flaw isn't introduced by the MCP server necessarily it can already be present in the API data it returns, you will never be able to protect yourself against someone injecting a malicious prompt that calls your code eval tool to open up a reverse shell on your MacBook Pro.
that's not the case, MCP has a feature, samplings, that allow MCP servers to run prompts using the client model.