Comment by michaelmior
7 months ago
> with the only restrictions being up to the app owner rather than it being up to me.
I don't see any reason sites using MCP-B couldn't have settings to restrict access to certain data based on user configuration.
7 months ago
> with the only restrictions being up to the app owner rather than it being up to me.
I don't see any reason sites using MCP-B couldn't have settings to restrict access to certain data based on user configuration.
Sure, but the leak risk is happening in a place outside the site's control.
If the purpose of the MCP-B tool on mail.com is to summarize your email, then the site needs to allow the agent to pull your email into the context window. Once it's in the context window it's available to any other MCP-B enabled site that can convince the agent to send it along.
Sure. My point was that you can limit what the agent is allowed to access at the very least. The fact that you need to trust the agent not to share the info is a n important, but separate concern.