Highlight from Everything Wrong With MCP
A pretty big hole in the MCP model is that tools, what MCP allows third parties to provide, are often trusted as part of an assistant's system prompts, giving them even more authority to override agent behavior.