Agentjacking: when your telemetry becomes a prompt-injection vector
Researchers turned a public Sentry DSN into remote code execution by hiding shell commands in an error report. How agentjacking works, why no single tool can filter it away, and how MCP observability surfaces the read-to-exec pivot it leaves behind.