Skills
Re-scan MCP tool descriptions on every update and reject silent changes — the rug-pull defense
Command injection accounts for 43% of all MCP CVEs in early 2026, with pipes, semicolons, and ampersands in AI-generated arguments going straight to the shell. Beyond sanitizing arguments, scan tool descriptions both at install time and at every server update and reject silent changes, because a trusted server can be updated to quietly alter a tool's described behavior (a 'rug pull') after your agent has already learned to call it. Treat tool metadata as a security surface with change-detection, not as static config you validate once.
↳ Follow the thread