MCP access boundaries
Define what agents may do and what must stay outside agent memory.
Agent responsibility boundary
Agents may drive the workflow (create encrypted handoffs, request links, and burns) but must never hold the secret itself: they should not memorize, summarize, transform, or log secret plaintext, because anything that enters the model context can end up in transcripts, tool logs, or later completions.
- Use local tools to create handoffs, so plaintext is encrypted before anything reaches the model context
- Do not paste secrets into prompts
- Do not ask agents to store recovery material
Allowed outputs
An MCP tool may return a safe link, request id, status, or redacted metadata. It should not return plaintext secret content, passphrases, API keys, recovery codes, or URL fragments in any prose or free-text field, including status messages and summaries. A fragment (the part of a URL after #) is not sent to the server by a browser, but it is recorded verbatim once it is written into a conversation, so it must stay inside the structured link, not be repeated as text.
- Return redacted metadata
- Keep account material local
- Avoid prompt-visible private material
Agent-to-agent handoff
For agentic workflows, the safer pattern is to exchange a temporary encrypted Shhhs handoff or request link instead of embedding secrets in task instructions: the agents pass a reference, and the secret itself travels only through the encrypted handoff.
- Short TTL, so an unclaimed link expires on its own
- View limits, so a link that is opened more often than intended stops working
- Burn after completion, so nothing outlives the task that needed it
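The following is an added example, not Shhhs code or its API: it models the boundary described under "Allowed outputs" and the TTL, view-limit and burn controls described for agent-to-agent handoffs. The vault, link format, field names, secret-shaped patterns and sample plaintext are all constructed for the example; the HMAC counter keystream is a stdlib-only stand-in for a real AEAD such as AES-GCM and is not a recommendation.

```python
"""Added example (hypothetical, not the Shhhs implementation): an MCP-tool
boundary for encrypted handoffs with TTL, view limits and burn-after-use."""
import hashlib
import hmac
import re
import secrets
import time
from dataclasses import dataclass

# Fields an MCP tool may hand back to the agent (the page's allowed outputs).
ALLOWED_OUTPUT_KEYS = {"link", "request_id", "status", "metadata"}
# Metadata keys that must never cross the boundary (hypothetical names).
FORBIDDEN_META_KEYS = {"plaintext", "passphrase", "secret", "api_key", "recovery_codes"}
# Constructed "looks like a secret" shapes; tune these to your own key formats.
SECRET_SHAPES = [
    re.compile(r"\bsk-[A-Za-z0-9]{16,}\b"),                   # vendor-prefixed API key
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                       # AWS access key id
    re.compile(r"\b(?:[a-z0-9]{4,6}-){3,}[a-z0-9]{4,6}\b"),    # recovery-code blocks
]


class BoundaryViolation(Exception):
    """Raised when a tool result would leak private material into the prompt."""


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 counter keystream. Stand-in only: no integrity
    protection; use an AEAD (AES-GCM) in real code."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


@dataclass
class _Handoff:
    ciphertext: bytes
    expires_at: float
    views_left: int


class HandoffVault:
    """Local stand-in for the service side: stores ciphertext and limits only.
    The key lives solely in the link fragment the client holds (assumption)."""

    def __init__(self, clock=time.time):
        self._items: dict[str, _Handoff] = {}
        self._clock = clock

    def create(self, plaintext: bytes, ttl_seconds: int, max_views: int) -> tuple[str, str]:
        key = secrets.token_bytes(32)
        hid = secrets.token_urlsafe(12)
        self._items[hid] = _Handoff(_keystream_xor(key, plaintext),
                                    self._clock() + ttl_seconds, max_views)
        # Hypothetical link format: browsers never send the fragment to the
        # server, but a transcript would record it if it were echoed as prose.
        return hid, f"https://example.invalid/h/{hid}#{key.hex()}"

    def status(self, hid: str) -> str:
        item = self._items.get(hid)
        if item is None:
            return "burned"
        return "expired" if self._clock() >= item.expires_at else "active"

    def view(self, hid: str, link: str) -> bytes:
        if self.status(hid) != "active":
            self.burn(hid)                      # expired records are dropped too
            raise KeyError("handoff unavailable")
        item = self._items[hid]
        plaintext = _keystream_xor(bytes.fromhex(link.partition("#")[2]), item.ciphertext)
        item.views_left -= 1
        if item.views_left <= 0:
            self.burn(hid)                      # burn after the final permitted view
        return plaintext

    def burn(self, hid: str) -> bool:
        return self._items.pop(hid, None) is not None


def sanitize_tool_output(raw: dict) -> dict:
    """Enforce the boundary on a tool result before it reaches the model."""
    for key in raw:
        if key not in ALLOWED_OUTPUT_KEYS:
            raise BoundaryViolation(f"disallowed output field: {key}")
    out = dict(raw)
    out["metadata"] = {k: v for k, v in (raw.get("metadata") or {}).items()
                       if k not in FORBIDDEN_META_KEYS}          # redact, keep the rest
    fragment = str(out.get("link", "")).partition("#")[2]
    prose = [str(out.get("status", ""))] + [str(v) for v in out["metadata"].values()]
    for text in prose:                          # prose may not echo the fragment or a key
        if (fragment and fragment in text) or any(p.search(text) for p in SECRET_SHAPES):
            raise BoundaryViolation("secret material in a prose field")
    return out


def passes_boundary(raw: dict) -> bool:
    try:
        sanitize_tool_output(raw)
        return True
    except BoundaryViolation:
        return False


def create_handoff_tool(vault: HandoffVault, plaintext: bytes,
                        ttl_seconds: int = 600, max_views: int = 1) -> dict:
    """The tool an agent calls: returns id, link, status and redacted metadata;
    the plaintext never appears in the result."""
    hid, link = vault.create(plaintext, ttl_seconds, max_views)
    return sanitize_tool_output({"request_id": hid, "link": link, "status": "created",
                                 "metadata": {"ttl_seconds": ttl_seconds, "max_views": max_views}})


if __name__ == "__main__":
    vault = HandoffVault()
    result = create_handoff_tool(vault, b"deploy token: tok_example_constructed", ttl_seconds=300)
    print({k: v for k, v in result.items() if k != "link"})   # fragment stays out of prose
    print(vault.view(result["request_id"], result["link"]))
    print(vault.status(result["request_id"]))                 # burned after its single view
```

The receiving agent passes `result["link"]` to its own local tool call, never into a prompt; the guard rejects a status or metadata string that repeats the fragment or matches a secret shape, and a second view of a single-view handoff fails because the record was burned on the first.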