A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions.
« These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README,
