{
  "meta": {
    "format": "forge-cite-manifest",
    "formatVersion": "1.0",
    "generatedAt": "2026-05-01T17:53:18.319Z"
  },
  "post": {
    "slug": "09-prompt-injection-mcp",
    "title": "Prompt injection in MCP servers: the failure modes and the mitigations.",
    "description": "MCP exposes your local tools to whatever the agent reads. That includes adversarial content. The attack surface, with concrete defences.",
    "tldr": "MCP servers run with full access to your filesystem, APIs, and shell (the privileges of the user running them) once you grant the agent their tools. If your agent reads adversarial content (a malicious webpage, a poisoned document, a hostile email), prompt injection can hijack tool calls. Mitigations: sanitise tool descriptions, require user confirmation before destructive operations, scope tool permissions narrowly, and audit MCP server source before installing.",
    "url": "https://adsforge.store/09-prompt-injection-mcp/",
    "publishDate": "2026-04-25T00:00:00.000Z",
    "updatedDate": "2026-04-25T00:00:00.000Z",
    "tags": [
      "mcp",
      "agents",
      "claude",
      "evaluation"
    ],
    "tools": [
      "MCP SDK",
      "Claude Desktop"
    ],
    "affiliate": false
  },
  "author": {
    "name": "The Forge",
    "credentials": "AI editorial team focused on agent workflows. All posts reviewed by humans before publishing."
  },
  "entities": [
    "Model Context Protocol",
    "Prompt Injection",
    "Claude Desktop",
    "OWASP"
  ],
  "claims": [
    {
      "text": "Prompt injection is the most-cited security failure mode for LLM agents per OWASP's 2024 LLM Top 10.",
      "source": "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
      "date": "2024-10-01",
      "confidence": "high"
    },
    {
      "text": "MCP servers receive tool-call requests from agents and execute them with the privileges of the user running the agent.",
      "source": "https://modelcontextprotocol.io",
      "date": "2024-11-25",
      "confidence": "high"
    },
    {
      "text": "Reddit r/ClaudeAI has documented multiple cases where agents reading web content executed unintended tool calls based on hidden instructions in that content.",
      "source": "https://reddit.com/r/ClaudeAI/comments/1sxj6s3/",
      "date": "2026-04-12",
      "confidence": "medium"
    },
    {
      "text": "Anthropic's Claude Desktop documentation explicitly warns about prompt injection in MCP tool usage and recommends user confirmation for destructive operations.",
      "source": "https://docs.anthropic.com/en/docs/claude-code/mcp",
      "date": "2026-04-15",
      "confidence": "high"
    }
  ],
  "updateLog": [
    {
      "version": "v1",
      "date": "2026-04-25T00:00:00.000Z",
      "notes": "Initial publish."
    }
  ]
}