by paulgb
434 days ago
> MCPs are opaque to the user and devs (unless they look at each source-code and pinpoint each inspected version).

This is true, but also generally true of any npm dependency that developers blindly trust. The main difference with MCP is that it is pitched as a sort of extension mechanism (akin to browser extensions), but without the isolation/sandboxing that browser extensions have, and that even if you do run them in sandboxes there is a risk of prompt injection attacks.