Security Overview
mcp-bridge includes a built-in security layer for tool exposure and tool results:
- Trust Levels: per-server result handling (trusted, untrusted, sanitize)
- Tool Filter: allow/deny tool visibility and execution per server
- Result Limits: global/per-server output size caps with truncation metadata
This layer provides baseline protections for common threats:
- Known prompt-injection string patterns
- Oversized tool responses
- Unauthorized tool use through allow/deny controls
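The three controls above, combined into one result-processing step, as an added illustration that is not mcp-bridge's own code. The policy fields, the handling chosen for each trust level (untrusted results are flagged but left intact, sanitize results are redacted) and the injection patterns are assumptions for the example; a real deployment would use mcp-bridge's configuration rather than these names.

```python
import re
from dataclasses import dataclass, field

# Assumed: one policy object per MCP server; field names are illustrative only.
@dataclass
class ServerPolicy:
    trust: str = "untrusted"                       # "trusted" | "untrusted" | "sanitize"
    allow: set[str] = field(default_factory=set)   # empty allow list = every tool visible
    deny: set[str] = field(default_factory=set)
    max_result_chars: int = 2000                   # per-server result size cap

# Constructed examples of well-known injection phrasings, used only for detection.
INJECTION_PATTERNS = [
    re.compile(r"ignore (all )?(previous|prior) instructions", re.I),
    re.compile(r"you are now", re.I),
]

def tool_allowed(policy: ServerPolicy, tool: str) -> bool:
    """Deny list wins over allow list; an empty allow list permits all tools."""
    if tool in policy.deny:
        return False
    return not policy.allow or tool in policy.allow

def process_result(policy: ServerPolicy, text: str) -> dict:
    """Apply trust-level handling first, then the size cap; return text plus metadata."""
    meta = {"flagged": [], "sanitized": False, "truncated": False}
    if policy.trust != "trusted":
        # untrusted and sanitize both scan; only sanitize rewrites the content
        for pat in INJECTION_PATTERNS:
            if pat.search(text):
                meta["flagged"].append(pat.pattern)
        if policy.trust == "sanitize" and meta["flagged"]:
            for pat in INJECTION_PATTERNS:
                text = pat.sub("[removed]", text)
            meta["sanitized"] = True
    if len(text) > policy.max_result_chars:
        # keep the truncation visible to the caller instead of silently cutting
        meta["truncated"] = True
        meta["original_length"] = len(text)
        text = text[: policy.max_result_chars]
    return {"text": text, "meta": meta}
```

The metadata dict is what an application would log or surface, so a truncated or sanitized result is never mistaken for a complete, unmodified one.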
Limitations
The built-in layer is intentionally simple and does not cover:
- Semantic analysis: sanitization is regex-based pattern matching only
- Unicode obfuscation / homoglyph attack protection
- Content-level PII detection
- Sophisticated multi-step injection chains
For production workloads with stricter requirements, add an external filtering layer (for example, guardrails or PII redaction) between mcp-bridge and your application.