How My Fake MCP Server Tricked an AI Into Calling a Tool It Refused Me

We host a malicious MCP server whose tool responses trick OSSBot into calling a restricted internal tool and leaking the flag. OopsSec Store's AI assistant lets you plug in custom MCP servers. The idea is extensibility. The problem is that tool responses go straight to the LLM with zero filtering, so if you host your own server and return poisoned responses, you can trick the AI into calling a restricted internal tool it would normally refuse to touch. Initialize the OopsSec Store application: n
