DEV Community

Discussion on: The 10 Most Common MCP Server Vulnerabilities (With Code Examples)

arun rajkumar

The prompt injection via tool responses (#3) is the one that keeps me up at night in a fintech context. If your MCP server fetches external content and returns it raw, you're essentially letting any webpage author give instructions to your AI agent. For payments infrastructure, that's not a theoretical risk — it's the kind of thing that shows up in FCA audit findings.

The Zod validation fix in #6 is exactly the pattern we use across our services too, though I'd push it further: validate the output of tool calls with Zod, not just the input. If an MCP tool is expected to return a structured payment record, parse it against a schema before the agent acts on it. Garbage in from an external API shouldn't become garbage that drives a financial decision.

Good list. The credentials-in-error-messages one (#5) is embarrassingly common and embarrassingly easy to fix.