Comment by yuvrajangads
6 hours ago
Fair point about web fetch already being a trust boundary. The difference I see is that web fetch returns data, but WebMCP tools can define actions. A tool called "add_to_cart" is a lot more dangerous than fetching a product page. The agent trusts the tool's name and description to decide whether to call it, and that metadata comes from the site.
But yeah, if you're already letting agents browse freely, the incremental risk might be smaller than I'm imagining.