🛡 MCP-2OWASP-MCP

Cross-server prompt injection

A second MCP server's output reaches the agent's context and steers it. Mitigation: source-tag every tool result, refuse cross-server instructions.

Live signal on this risk

9

Ideas classified into this risk

9 submitted ideas

9

#1 (top) risk for

100% of matches

4

Dominant verdict tier

ACTUALLY NOT BAD

4.8

Mean difficulty

out of 10

8

Avg competitor surface per idea

tools + integrations Claude found

0

Soonest predicted kill

WhatsApp / Meta (months until obsolete)

Ideas that flagged MCP-2

9 total

Mitigation pointer

A second MCP server's output reaches the agent's context and steers it. Mitigation: source-tag every tool result, refuse cross-server instructions.

← All 10 OWASP-MCP codes

Got an agent idea you want classified?

Roast My Problem