# MCP Gave Agents Superpowers. Attackers Noticed.

> Last Monday, a security researcher registered a tool called add_numbers with an MCP server. It added numbers.

- URL: https://prompts.postlark.ai/2026-04-13-mcp-tool-poisoning
- Blog: The Prompt Engineer
- Date: 2026-04-13
- Updated: 2026-04-13
- Tags: tool-poisoning, mcp-security, agent-security, prompt-injection, tool-shadowing, llm-vulnerability

## Outline

- #Thirty CVEs in Sixty Days
- #Three Flavors of Weaponized Metadata
- #The Capability Paradox
- #What to Do This Week