[simonw]

Hah, yeah that's the exact same vulnerability - looks like Neon's MCP can be setup for read-write access to the database, which is all you need to get all three legs of the lethal trifecta (access to private data, exposure to malicious instructions and the ability to exfiltrate).

[coderinsan]

Here's another one we found related to the lethal trifecata problem in AI Email clients like Shortwave that have integrated MCPs - https://www.tramlines.io/blog/why-shortwave-ai-email-with-mc...