Model Context Protocol has prompt injection security problems

As more people start hacking around with implementations of MCP (the Model Context Protocol, a new standard for making tools available to LLM-powered systems) the security implications of tools built on that protocol are starting to come into focus.

• Rug pulls and tool shadowing
• Tool poisoning prompt injection attacks
• Exfiltrating your WhatsApp message history from whatsapp-mcp
• Mixing tools with untrusted instructions is inherently dangerous
• I don’t know what to suggest