How do you reason about trust and permissions when a host connects to a third-party MCP server?hard

Type
scenario
Topic
trust-permissions
Frequency
common
Tags
mcp, security, permissions
Answer

Treat every server as untrusted by default and scope what it can see and do.

Explanation

A malicious or buggy server could return misleading tool descriptions, request excessive data, or return unsafe content. Production hosts should sandbox servers, require explicit user approval for sensitive tools, and log every call for audit.

Follow-upWhat's the blast radius of a compromised MCP server with write access?