Curated advisory
MCP tool description poisoning
How misleading MCP descriptions can redirect agent behavior.
Start with a plain-language summary before the technical trace.
Use local Guard checks for tool descriptions, secret reads, and risky commands.
Connect Guard Cloud when the pattern should be remembered across a team.
Related explainers
Follow the concepts behind this advisory.
prompt-injection
Prompt injection
A prompt injection is a trick note for an AI tool.
Open guide
mcp-tool-poisoning
MCP security
MCP lets agents use tools. Bad tools can lie or overreach.
Open guide
supply-chain
Skill and plugin safety
Agent skills are tiny helpers. Some helpers ask for too much.
Open guide
prompt-injection
Community warnings
Learn from blocked actions without exposing private work.
Open guide