GitLab beat them by a few days, although that was in their agent rather than some 3P agent built to use their MCP server. See https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

This is a structural issue for any agent consuming or MCP server returning untrusted data.
