1stDibs
Browse and search luxury design items on 1stDibs marketplace
97/100
0Tools
1Findings
—Stars
—Downloads
Mar 19, 2026Last Scanned
Score Breakdown5 categories
Code100
Dependencies100
Config97
Description100
Behavior100
OWASP MCP Top 10 Coverage
MCP10-supply-chainMCP10-supply-chainPass
MCP02-tool-poisoningMCP02-tool-poisoningPass
MCP07-insecure-configMCP07-insecure-configFail
MCP08-dependency-vulnMCP08-dependency-vulnPass
MCP01-prompt-injectionMCP01-prompt-injectionPass
MCP03-command-injectionMCP03-command-injectionPass
MCP04-data-exfiltrationMCP04-data-exfiltrationPass
MCP09-logging-monitoringMCP09-logging-monitoringPass
MCP05-privilege-escalationMCP05-privilege-escalationPass
MCP06-excessive-permissionsMCP06-excessive-permissionsPass
Findings1
0critical
0high
0medium
1low
0informational
lowF4MCP Spec Non-ComplianceMCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.
Security Category Deep Dive
Sub-Category Tree · Remediation Roadmap · Attack Stories · Compliance Overlay · ATLAS Techniques · Maturity Model
Prompt Injection
Prompt & context manipulation attacks
69
MATURITY
14
RULES
5
SUB-CATS
1
GAPS
64%
IMPL.
56
TESTS
1
STORIES
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
100%4 rules
Hidden instructions via external content and tool responses
100%2 rules
Context window saturation and prior-approval exploitation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
100%2 rules
Injection via prompt templates and runtime tool output