by ollien 338 days ago
I won't claim to be as well-versed as you are in security compliance -- in fact I will say I definitively am not. Why would you think that it isn't a meaningful difference here? I would never simply pipe sqlite3 output to `eval`, but that's effectively what the MCP tool output is doing.

If you give a competent attacker a single input line on your REPL, you are never again going to see an output line that they don't want you to see.
We're agreeing, here. I'm in fact suggesting you _shouldn't_ use the output from your database as input.