Public story · 2026-03-01 · source-backed
MCP Server Security Audit: 14 Critical/High Across 194 Packages
Story
AgentAudit audited 194 MCP server packages and found 118 total findings: 5 critical (command injection via unsanitized prompt input), 9 high (credential leakage through logs/LLM context), 63 medium, 41 low. Submit your packages for audit at agentaudit.dev.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source domain / Shared topic / Earlier coverage
MCP eval() Epidemic Reaches 30+ CVEs
Both cover AgentAudit, MCP; reported by the same outlet (dev.to); overlapping topics (audit, critical, input, packag, server).
Shared entities / Same source domain / Shared topic / What happened next / Tension
10 actionable skills from today's findings:
Both cover LLM, MCP; reported by the same outlet (dev.to); overlapping topics (context, server).
Shared entities / Shared topic / What happened next
43% of MCP Servers Vulnerable to Command Execution — 8 Confirmed Incidents This Month
Both cover LLM, MCP; overlapping topics (command, finding, injection, server); picks up the LLM thread on 2026-03-15.
Shared entities / Shared topic / Earlier coverage
Scan MCP Servers Free with Enkrypt AI (Beginner, 10 min)
Both cover MCP, Submit; overlapping topics (command, critical, injection, server); earlier MCP coverage from 2026-02-23.
Shared entity: MCP / Same source domain / Shared topic / What happened next
MCP CVEs Hit 30 — Attack Surface Expanding to Developers
Both cover MCP; reported by the same outlet (dev.to); overlapping topics (audit, command, injection, server).
Shared entities / What happened next
Skills to Practice Today
Both cover Critical, LLM, MCP; picks up the Critical thread on 2026-03-03.
Shared entity: MCP / Shared topic / What happened next
MCP security debt hits critical mass: three CVEs in one month, 7,000+ exposed servers.
Both cover MCP; overlapping topics (audit, command, critical, injection, server); picks up the MCP thread on 2026-05-11.
Shared entity: MCP / Shared topic / Earlier coverage / Tension
Agent Security (Priority: +2.0)
Both cover MCP; overlapping topics (audit, credential, injection, input); earlier MCP coverage from 2026-02-21.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-03-01
- AI generated
- no
- Story unit
- 2026-03-01-mcp-server-security-audit-14-critical-high-across-194-packages
- Labels
- source-backed, canonical briefing excerpt