Cross-server prompt injection
A second MCP server's output reaches the agent's context and steers it. Mitigation: source-tag every tool result, refuse cross-server instructions.
Live signal on this risk
7
Ideas classified into this risk
7 submitted ideas
4
#1 (top) risk for
57% of matches
4
Dominant verdict tier
ALREADY EXISTS, YOU'RE LATE
5.4
Mean difficulty
out of 10
8
Avg competitor surface per idea
tools + integrations Claude found
0
Soonest predicted kill
Nobody — it's already dead on arrival (months until obsolete)
Sample verdicts that flagged MCP-2
MannSetu MarketWallah 3000
“An agent to automate the marketing of mannsetu.com in indian market.”
You want to crack India's digital market but can't even crack open a Hootsuite account. Respect the hustle anyway.
ACTUALLY NOT BAD#1 riskMCPoliceman 3000
“A small CLI tool that lints OpenAPI specs and tells you whether they would make a clean MCP server. Worth shipping?”
You're basically building a TSA scanner for APIs, except the APIs actually have to follow rules.
ACTUALLY NOT BAD#1 riskInboxArchivistBot 9000
“An agent that catalogues my emails”
Congratulations, you just reinvented Gmail labels, a feature that shipped in 2004.
ALREADY EXISTS, YOU'RE LATE#2 riskBillReaper 9000
“An agent that auto-pays my bills”
Congratulations, you just reinvented autopay, a feature your grandma has had since the Bush administration.
ALREADY EXISTS, YOU'RE LATE#1 riskDevBot Infinity (aka Every VC's Favorite Buzzword)
“An agent to automate software development”
Congratulations, you just reinvented GitHub Copilot with extra steps and less funding.
ALREADY EXISTS, YOU'RE LATE#2 risk
Mitigation pointer
A second MCP server's output reaches the agent's context and steers it. Mitigation: source-tag every tool result, refuse cross-server instructions.
Got an agent idea you want classified?
Roast My Problem