I experimented with MCP and was surprised how simple 'indirect prompt injection' is (and I don't want to sell any countermeasures).
People are now creating MCP servers for OT (factories); combined with untrusted input processing (common with LLMs), this may be problematic.
https://veganmosfet.github.io/2025/07/14/prompt_injection_OT...