Security challenge should mention prompt injection explicitly

[dontcallmedom]

Assuming the agentic web described in the paper is built on top of LLM, a significant (and current) security challenge is managing prompt injection attacks (see e.g. https://simonwillison.net/2025/May/26/github-mcp-exploited/ )

[chgaowei]

This is a fairly common question regarding protocols. However, I believe it's not something that a protocol can solve. It may require a model to address it.
There may not be many means at the protocol level to handle this situation.

[ruoxiran]

Added a security section for further security consideration at: #10