MCP-SandboxScan: WASM-Based Secure Execution and Runtime Analysis for MCP Tools
Tool-augmented LLM agents raise new security risks: tool executions can introduce runtime-only behaviors, including prompt injection and unintended exposure of external inputs, e.g., environment secrets or local files. While existing scanners often focus on static artifacts, analyzing runtime...