Security audit findings — tool description injection + missing output sanitization #294
Description
Hi @getsentry team,
I recently ran a security audit on XcodeBuildMCP as part of research on MCP server security posture across the ecosystem.
Found a couple of items worth flagging:
1. Tool description injection risk
The server's tool descriptions aren't validated against adversarial prompt patterns. An attacker who can influence tool descriptions could redirect the LLM into executing unintended Xcode build commands, modifying project files, or leaking build secrets/signing credentials.
2. Missing output sanitization
Build output and compiler errors are passed back to the model context without scanning for injected instructions. A malicious build script or dependency could embed prompt injection patterns that the LLM acts on.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — available for $29 at luciferforge.github.io/mcp-security-audit.
Demo report: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security