MCP Academy · Lesson

Validate & Sanitize Everything

Treat model-supplied input as untrusted.

Inputs Are Untrusted

Every argument the model passes to a tool is untrusted input. The model may be honest, but its arguments can be shaped by injected text, so verify them. 🔎

Validate Before You Act

Check shape, type, and range before a tool does anything real. Validation at the door turns a vague bad call into a clear, safe rejection.
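
An added example (not part of the original lesson) showing shape, type, and range checks running before a tool acts. The tool, its argument names (bucket, older_than_days, dry_run), and the limits are hypothetical, chosen only for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical tool schema: names and limits are assumptions for illustration.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9-]{2,62}")
REQUIRED = {"bucket": str, "older_than_days": int}
OPTIONAL = {"dry_run": bool}
DAYS_RANGE = (7, 365)

class Rejected(ValueError):
    """Raised with a message that is safe to return to the model."""

@dataclass(frozen=True)
class PruneArgs:
    bucket: str
    older_than_days: int
    dry_run: bool = True  # safe default when the caller omits it

def validate_prune_args(raw):
    # Shape: must be an object carrying only known keys and every required key.
    if not isinstance(raw, dict):
        raise Rejected("arguments must be an object")
    unknown = set(raw) - set(REQUIRED) - set(OPTIONAL)
    missing = set(REQUIRED) - set(raw)
    if unknown or missing:
        raise Rejected(f"unknown={sorted(unknown)} missing={sorted(missing)}")
    # Type: exact match, so True is not accepted as an int and "30" is not coerced.
    for key, expected in {**REQUIRED, **OPTIONAL}.items():
        if key in raw and type(raw[key]) is not expected:
            raise Rejected(f"{key} must be {expected.__name__}")
    # Range: bound the number and hold the string to an allowlisted pattern.
    lo, hi = DAYS_RANGE
    if not lo <= raw["older_than_days"] <= hi:
        raise Rejected(f"older_than_days must be between {lo} and {hi}")
    if not BUCKET_RE.fullmatch(raw["bucket"]):
        raise Rejected("bucket must match [a-z0-9-], 3 to 63 characters")
    return PruneArgs(**raw)

def handle_prune(raw):
    """Tool entry point: reject before any side effect happens."""
    try:
        args = validate_prune_args(raw)
    except Rejected as err:
        return {"ok": False, "error": str(err)}
    return {"ok": True, "plan": args}  # the real action would start here
```

The handler returns a specific rejection message instead of raising, so the caller sees which check failed and no partial action has taken place.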
