Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> It is also crazy to point that command at a production database and do random stuff with it

In a REPL, the output is printed. In a LLM interface w/ MCP, the output is, for all intents and purposes, evaluated. These are pretty fundamentally different; you're not doing "random" stuff with a REPL, you're evaluating a command and _only_ printing the output. This would be like someone copying the output from their SQL query back into the prompt, which is of course a bad idea.



The output printing in a REPL is absolutely not a meaningful security boundary. Come on.


I won't claim to be as well-versed as you are in security compliance -- in fact I will say I definitively am not. Why would you think that it isn't a meaningful difference here? I would never simply pipe sqlite3 output to `eval`, but that's effectively what the MCP tool output is doing.


If you give a competent attacker a single input line on your REPL, you are never again going to see an output line that they don't want you to see.


We're agreeing, here. I'm in fact suggesting you _shouldn't_ use the output from your database as input.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: