Microsoft warns that MCP tool descriptions can be manipulated to redirect AI agents, exposing sensitive data through trusted ...
Subagents run in their own isolated context window and return only a result to your main session — the intermediate work ...