"Before passing data to the assistant, scan them for suspicious patterns like imperative verbs, SQL-like fragments, or common injection triggers. This can be implemented as a lightweight wrapper around MCP that intercepts data and flags or strips risky input."

lol