I maintain bulwark-mcp, a small open-source proxy that sits between an MCP client (Claude Desktop, Cursor) and the servers it talks to, and scans tool results for indirect prompt injection before they reach the model. The reason that's a job worth doing: an MCP-enabled agent reads the output of...

Source: [Dev.to](https://dev.to/churik5/i-tried-to-break-my-own-mcp-prompt-injection-detector-one-class-of-attack-walks-straight-through--4534)
