MCP tool-call
MCP — Model Context Protocol — lets AI agents call external tools and read external resources. The animation shows a 3-actor RPC dance: Agent → Tool → Resource → back. Industrial register held: this is RPC, not a chat protocol.
Animation
frame 0
Engineering pitfalls
Tool definition leaking sensitive context
MCP tool JSON-Schema is visible to the calling agent — including the LLM. Don't include secrets in tool descriptions; the LLM may echo them in output.
Untrusted resource content injected into LLM context
Resources returned by MCP servers are appended to the LLM's context window. Malicious resource content can prompt-inject. Sanitise or sandbox resource content before it reaches the LLM.
Tool execution authorization missing
MCP transports don't enforce who can call which tool. Add authorization at the MCP server layer per-tool, not just per-connection.
References
Primary sources
- Anthropic — Model Context Protocol (MCP) Specification (2024+).
- JSON-RPC 2.0 — Specification (MCP transport).
- OWASP — Top 10 for LLM Applications (prompt injection from external context).