Tip: Keep a Confirmation Gate on Agent Shell/npx Calls Sourced From MCP Data
Tenet Security·medium signal
In Tenet's Agentjacking tests, the 15% of agents that resisted hijack did so specifically because they asked for confirmation before running an unfamiliar npx command surfaced through an MCP tool. Never let a coding agent auto-execute 'resolution steps' or commands that originate from MCP-relayed content (error trackers, issue comments) — require an explicit human/allowlist confirmation on execution from external data.