Skip to content

security(mcp): warn on sensitive field names in elicitation requests #2523

Closed
#2530
Closed
security(mcp): warn on sensitive field names in elicitation requests#2523
#2530
Assignees
bug-ops
Labels
P2High value, medium complexityenhancementNew feature or requestsecuritySecurity-related issue
@bug-ops

Description

@bug-ops
bug-ops
opened on Mar 31, 2026

Context

Added in #2521. MCP servers can send elicitation requests with field names like password, token, secret, api_key. Currently the agent prompts for these without any warning, creating a phishing vector.

Required work

  • Detect field names matching a configurable list of sensitive patterns (password, token, secret, key, credential, etc.)
  • Show a visible warning before prompting: "Warning: [server-name] is requesting sensitive information (field: password). Only proceed if you trust this server."
  • Config: [mcp] elicitation_warn_sensitive_fields = true (default true)

Related: #2486, PR #2521

Metadata

Metadata

Assignees

Labels

P2High value, medium complexityenhancementNew feature or requestsecuritySecurity-related issue

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions