Detection question

[Subway2023]

Could you please explain how mcp-scan detects prompt injection and cross-origin escalation attacks? Specifically, where is the code implementation for these located

The tool named "prompt injection attacks" is detected through Invariant Guardrails. May I ask what the specific detection logic is, and where exactly in the code it is implemented? I would like to study it.

[Viehzeug]

The scans are proprietary and implemented server-side.
An older version of cross-origin checking can be found here:

mcp-scan/src/mcp_scan/MCPScanner.py

Line 199 in 17836bd

async def check_cross_references(self, path_result: ScanPathResult) -> CrossRefResult: