the protocol also enables what I'll call forth-party prompt injections where a trusted third-party MCP server "trusts" data that it pulls from another third-party the user might not be explicitly aware of.
the protocol also enables what I'll call forth-party prompt injections where a trusted third-party MCP server "trusts" data that it pulls from another third-party the user might not be explicitly aware of.