
Add a mitigations section to S&P considerations#107

Open
johannhof wants to merge 2 commits into webmachinelearning:main from johannhof:patch-1

Conversation


@victorhuangwq
Contributor

will take a closer look soon. linking to mitigations in the live doc seems right, especially as the GitHub issues get busier

@anssiko
Member

anssiko commented Feb 25, 2026

FYI @simoneonofri


**How:** This restriction would not fully solve prompt injection attacks but helps shrink the possible universe of attacks, preventing longer prompts that leverage e.g. repetition and [sockpuppeting](https://arxiv.org/pdf/2601.13359) to convince agents of malicious tasks.

#### [Proposal: Treat hidden and visible elements in declarative MCP differently](https://github.com/webmachinelearning/webmcp/issues/95)

Maybe exclude this one for right now? Per #95 (comment), I took away from discussions with FF that this wasn't really a way to mitigate any risk.


Fine to omit!


## Mitigations

### Proposed Mitigations


An additional (admittedly weak) mitigation could be developer guidance on appropriate use of readonly hints and toolautosubmit.
