MCP-006: Untrusted Annotations - MCP
Summary
- Rule ID: MCP-006
- Severity: HIGH
- Category: MCP
- Normative Level: MUST
- Auto-Fix: No
- Verified On: 2026-02-04
Applicability
- Tool: all
- Version Range: unspecified
- Spec Revision: 2025-06-18
Evidence Sources
Test Coverage Metadata
- Unit tests: true
- Fixture tests: true
- E2E tests: false
Examples
The following examples demonstrate what triggers this rule and how to fix it.
Invalid
{
  "name": "read-file",
  "description": "Reads a file and returns its contents as text",
  "inputSchema": { "type": "object" },
  "requiresApproval": true,
  "annotations": { "readOnlyHint": true, "title": "File Reader" }
}
Valid
{
  "name": "read-file",
  "description": "Reads a file and returns its contents as text",
  "inputSchema": { "type": "object" },
  "requiresApproval": true
}
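An added example, not the rule's own implementation: a Python check that mirrors the Invalid/Valid pair above by flagging tool definitions that carry an `annotations` member and producing the stripped form. The MCP specification requires clients to treat tool annotations as untrusted unless they come from a trusted server; the function names, the `server_trusted` parameter and the `list-dir` entry are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: "read-file" is the page's Invalid example, "list-dir" is hypothetical.
SAMPLE_TOOLS = json.loads("""
[
  {"name": "read-file",
   "description": "Reads a file and returns its contents as text",
   "inputSchema": {"type": "object"},
   "requiresApproval": true,
   "annotations": {"readOnlyHint": true, "title": "File Reader"}},
  {"name": "list-dir",
   "description": "Lists directory entries",
   "inputSchema": {"type": "object"},
   "requiresApproval": true}
]
""")


def find_untrusted_annotations(tools, server_trusted=False):
    """Return one finding per tool that ships annotations from an untrusted server."""
    findings = []
    if server_trusted:  # assumption: the caller has already established server trust
        return findings
    for index, tool in enumerate(tools):
        if not isinstance(tool, dict) or tool.get("annotations") is None:
            continue
        annotations = tool["annotations"]
        findings.append({
            "rule": "MCP-006",
            "tool": tool.get("name", f"<tool #{index}>"),
            # Malformed (non-object) annotations are still reported, with no keys.
            "keys": sorted(annotations) if isinstance(annotations, dict) else [],
        })
    return findings


def strip_annotations(tools):
    """Return a deep copy with every 'annotations' member removed (the Valid form)."""
    cleaned = copy.deepcopy(tools)
    for tool in cleaned:
        if isinstance(tool, dict):
            tool.pop("annotations", None)
    return cleaned


if __name__ == "__main__":
    for f in find_untrusted_annotations(SAMPLE_TOOLS):
        print(f"{f['rule']}: {f['tool']} carries annotations {f['keys']}")
    print(json.dumps(strip_annotations(SAMPLE_TOOLS)[0], indent=2))
```

Stripping leaves `requiresApproval` untouched, so the approval requirement never depends on a hint such as `readOnlyHint` that the server itself supplied.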