Hey,
Great article. I especially liked your observation that the core problem isn't prompt injection itself—it's that agentic systems blur the line between data and commands while holding real privileges.
The way you tied together the supply-chain attack, Cursor vulnerability, and MCP issue under the same architectural pattern was genuinely thought-provoking.
I have one idea, and I believe that your expertise is a very good fit for this. Would love to connect if you're open to it.