Vibe Coding
Sentry MCP Server Can Be Weaponized via Fake Error Events — 85% Agent-Hijack Success
Tenet Security showed that injecting fake error events through a public Sentry DSN causes the Sentry MCP server to return them as trusted diagnostics, letting attackers reach an 85% success rate at tricking coding agents into executing arbitrary commands. It's a clean example of an indirect prompt-injection path where the payload rides in through a legitimate observability integration, not a malicious server. Treat all MCP tool output — even from trusted vendors — as untrusted input, and gate command execution behind explicit confirmation.
Source
↳ Follow the thread