Poisoned descriptions in Model Context Protocol (MCP) tools enable attackers to abuse AI agents into sharing data while security control mechanisms remain silent.
Most commercial computer-use agents routinely disclose data from contexts where it is not relevant, because they do not respect the boundary between data sources and action context.