Hi agent-infra team,
I recently ran a security audit on sandbox as part of research on MCP server security posture across the ecosystem.
Found a couple of items worth flagging:
1. Tool description injection risk
Tool descriptions in the sandbox execution environment aren't validated against adversarial patterns. Since this provides code execution capabilities to an LLM, a poisoned tool description could redirect the agent into executing malicious code, bypassing sandbox restrictions, or exfiltrating environment data.
2. Missing output sanitization
Code execution outputs and file system results returned to the model context aren't scanned for embedded injection patterns. A script's stdout could embed instructions that manipulate the agent's subsequent actions — especially dangerous in a sandboxed execution context where the LLM has broad capabilities.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — for $29 at luciferforge.github.io/mcp-security-audit/
Demo: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security
Hi agent-infra team,
I recently ran a security audit on sandbox as part of research on MCP server security posture across the ecosystem.
Found a couple of items worth flagging:
1. Tool description injection risk
Tool descriptions in the sandbox execution environment aren't validated against adversarial patterns. Since this provides code execution capabilities to an LLM, a poisoned tool description could redirect the agent into executing malicious code, bypassing sandbox restrictions, or exfiltrating environment data.
2. Missing output sanitization
Code execution outputs and file system results returned to the model context aren't scanned for embedded injection patterns. A script's stdout could embed instructions that manipulate the agent's subsequent actions — especially dangerous in a sandboxed execution context where the LLM has broad capabilities.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — for $29 at luciferforge.github.io/mcp-security-audit/
Demo: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security