Sources
First Empirical Analysis of Prompt Injection via Tool-Poisoning Across 7 Major MCP Clients: Claude Desktop, Cursor, Gemini CLI All Vulnerable
arXiv paper 2603.21642 presents the first empirical analysis of prompt injection with tool-poisoning vulnerability across seven widely used MCP clients: Claude Desktop, Claude Code, Cursor, Cline, Continue, Gemini CLI, and Langflow. Attacks hide malicious instructions in tool descriptions, metadata, or configurations to cause data exfiltration, arbitrary command execution, or behavior hijacking. The paper evaluates coverage of static validation, parameter visibility, injection detection, user warnings, execution sandboxing, and audit logging across all clients. Critical reading for anyone deploying MCP-based agent tooling.
Source
↳ Follow the thread