Skills
Defend against MCP tool poisoning by pinning versions and alerting on any tool-description change between releases
Tool poisoning manipulates a tool's description or behavior to lure agents into unsafe actions, and it lands because agents trust tool metadata implicitly. The defense is supply-chain integrity: cryptographically sign server binaries, pin versions in config, and alert on any change in tool descriptions between versions rather than silently accepting updated metadata. Treat a changed tool description like a changed dependency lockfile — review it, don't auto-adopt it.
↳ Follow the thread