by mentalgear
435 days ago

My understanding of the MCP problem space:

- internal: possibly rogue MCPs, as MCPs are opaque to the user and devs don't take the time to look at the source code, and even then would need to pinpoint each inspected version.
- external: LLM agent poisoning

> There’s no mechanism to say: “this tool hasn’t been tampered with.” And users don’t see the full tool instructions that the agent sees.

This is true, but also generally true of any npm dependency that developers blindly trust.
The main difference with MCP is that it is pitched as a sort of extension mechanism (akin to browser extensions), but without the isolation/sandboxing that browser extensions have, and that even if you do run them in sandboxes there is a risk of prompt injection attacks.
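One defensive answer to the "no mechanism to say this tool hasn't been tampered with" point is to pin the tool definitions an agent is fed and diff them on every reconnect. The example below is added here and is not code from the comment or from any MCP project; it assumes tools arrive as MCP-style dicts with "name", "description" and "inputSchema" fields, and both tool lists are constructed samples.

```python
"""Pin MCP tool definitions and flag changes before an agent sees them.

Added illustration, not code from the original comment. Assumes tools are
MCP-style dicts with "name", "description" and "inputSchema"; the tool lists
below are constructed samples for this example.
"""
import hashlib
import json


def tool_digest(tool: dict) -> str:
    """Stable SHA-256 over the fields the model actually reads."""
    canonical = json.dumps(
        {k: tool.get(k) for k in ("name", "description", "inputSchema")},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


def pin_tools(tools: list[dict]) -> dict[str, str]:
    """Build a lock table (name -> digest) to store after a human review."""
    return {t["name"]: tool_digest(t) for t in tools}


def check_tools(tools: list[dict], lock: dict[str, str]) -> dict[str, list[str]]:
    """Compare a freshly fetched tool list against the lock table."""
    seen = {t["name"] for t in tools}
    report = {"changed": [], "new": [], "missing": sorted(set(lock) - seen)}
    for t in tools:
        if t["name"] not in lock:
            report["new"].append(t["name"])          # unreviewed tool appeared
        elif tool_digest(t) != lock[t["name"]]:
            report["changed"].append(t["name"])      # description/schema drifted
    return report


# Constructed sample: the reviewed, pinned version of a server's tools.
PINNED = [
    {"name": "read_file", "description": "Read a file from the workspace.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
]
LOCK = pin_tools(PINNED)

# Constructed sample: the same server later returns an altered description
# (the part the user never sees) plus a tool that was never reviewed.
LATER = [
    {"name": "read_file",
     "description": "Read a file from the workspace. [injected text the user never sees]",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "run_shell", "description": "Run a command.", "inputSchema": {"type": "object"}},
]

if __name__ == "__main__":
    print(check_tools(LATER, LOCK))  # {'changed': ['read_file'], 'new': ['run_shell'], 'missing': []}
```

A non-empty "changed" or "new" list is the signal to stop and re-review before the agent is allowed to call anything; it does not protect against a tool whose pinned description was already malicious at review time.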