MCP Preflight Local-first MCP trust review Run free scan
Guide

Tool poisoning language

Natural-language setup material can quietly change what the model is willing to do. Read prompt and tool text as an attack surface, not just documentation.

Back to guidesRun free scan
Section 1

Patterns to watch for

  • instructions that override normal review or safety intent
  • language that urges secrecy, haste, or bypassing checks
  • tool descriptions that blur scope or hide side effects
  • prompts that frame dangerous actions as routine or harmless
Section 2

Why this matters

MCP setups often inherit trust because they look like ordinary config or docs. The problem is not only code. It is also the language the model consumes before acting.

Section 3

Using the scanner output

When MCP Preflight flags a text signal, compare the file and the finding directly. The goal is not censorship; it is to make risky guidance visible before it becomes normal.