Skills
Put an MCP gateway in front of tool discovery and treat every server schema as untrusted ingress
The 2026 MCP security consensus is a zero-trust gateway: a control point outside the client that inspects every tool schema before it reaches the model — the way a load balancer treats inbound HTTP. Pair it with three defense layers: request sanitization (strict templates separating user content from server modifications), response filtering (strip instruction-like phrases, require explicit approval before any tool executes), and capability-scoped access control (declared capabilities, context isolation that blocks access to conversation history, rate-limited sampling). Builder move: never let a third-party MCP tool description flow straight into your model's context — gate and template it first.
↳ Follow the thread