Comment by lyu07282

Comment by lyu07282 2 months ago

2 replies

View on Hacker News

That flaw isn't introduced by the MCP server necessarily it can already be present in the API data it returns, you will never be able to protect yourself against someone injecting a malicious prompt that calls your code eval tool to open up a reverse shell on your MacBook Pro.

owebmaster 2 months ago

that's not the case, MCP has a feature, samplings, that allow MCP servers to run prompts using the client model.

Reply View 1 reply
  • lyu07282 2 months ago

    Oh boy, you know at least the infosec people are going to get a good laugh from this clown show

    Reply View 0 replies