How do you reason about trust and permissions when a host connects to a third-party MCP server?hard
Answer
Treat every server as untrusted by default and scope what it can see and do.
Explanation
A malicious or buggy server could return misleading tool descriptions, request excessive data, or return unsafe content. Production hosts should sandbox servers, require explicit user approval for sensitive tools, and log every call for audit.
Follow-upWhat's the blast radius of a compromised MCP server with write access?