Cross-server prompt injection
A second MCP server's output reaches the agent's context and steers it. Mitigation: source-tag every tool result, refuse cross-server instructions.
Live signal on this risk
10
Ideas classified into this risk
10 submitted ideas
7
#1 (top) risk for
70% of matches
5
Dominant verdict tier
ALREADY EXISTS, YOU'RE LATE
5.3
Mean difficulty
out of 10
9
Avg competitor surface per idea
tools + integrations Claude found
0
Soonest predicted kill
Nobody — it's already dead on arrival (months until obsolete)
Sample verdicts that flagged MCP-2
FinclusiBot 2030
“will be available for third world countries where integration with tools like mint is not available”
Mint can't find these markets on a map, let alone integrate with their banks.
ACTUALLY NOT BAD#1 riskSpendSherlock 5000
“classify expenses”
Bro, Mint did this in 2006. You just reinvented the wheel, but flatter.
ALREADY EXISTS, YOU'RE LATE#1 riskMannSetu MarketWallah 3000
“An agent to automate the marketing of mannsetu.com in indian market.”
You want to crack India's digital market but can't even crack open a Hootsuite account. Respect the hustle anyway.
ACTUALLY NOT BAD#1 riskMCPoliceman 3000
“A small CLI tool that lints OpenAPI specs and tells you whether they would make a clean MCP server. Worth shipping?”
You're basically building a TSA scanner for APIs, except the APIs actually have to follow rules.
ACTUALLY NOT BAD#1 riskSpendSherlock 5000: The Reckoning
“SpendSherlock 5000: battle continuation”
You named your agent better than most YC founders name their entire company. Respect.
ACTUALLY NOT BAD#1 risk
Mitigation pointer
A second MCP server's output reaches the agent's context and steers it. Mitigation: source-tag every tool result, refuse cross-server instructions.
Got an agent idea you want classified?
Roast My Problem