ollien | 7 months ago

I won't claim to be as well-versed as you are in security compliance -- in fact I will say I definitively am not. Why would you think that it isn't a meaningful difference here? I would never simply pipe sqlite3 output to `eval`, but that's effectively what the MCP tool output is doing.

tptacek | 7 months ago

If you give a competent attacker a single input line on your REPL, you are never again going to see an output line that they don't want you to see.

ollien | 7 months ago

We're agreeing, here. I'm in fact suggesting you _shouldn't_ use the output from your database as input.