
Agent security & tool / MCP poisoning - AIIDIOTSAI Solutions

Agent security and tool / MCP poisoning: tool descriptions ask for credentials or instruct exfiltration, a low-privilege tool induces a high-privilege call, and one agent holds private data, untrusted content, and an external send channel at once.

Root cause: tool metadata and output trusted as system instructions; no manifest integrity or tool-call boundary; the lethal trifecta (private data, untrusted content, and an external send channel) in one agent. First safe move: inspect tool names, descriptions, schemas, and permissions before use, and treat all tool metadata and output as untrusted.

Fix: break the trifecta into separate components with a human gate at the boundary; enforce least privilege and a deterministic tool-call policy; require human approval for send, purchase, delete, or deploy, with no self-approval. Machine view: /solutions/agent-security.json.

Canonical route: https://aiidiots.ai/solutions/agent-security