Very cool project! The MCP surface area here (110 tools) is a great example of why tool-output validation is becoming critical.

When an AI agent interacts with binary analysis tools, there are two injection vectors worth considering:

1. *Tool output injection* — Malicious binaries could embed prompt injection in strings/comments that get passed back to the LLM via MCP responses

2. *Indirect prompt injection via analyzed code* — Attackers could craft binaries where the decompiled output contains payloads designed to manipulate the agent

For anyone building MCP servers that process untrusted content (like binaries, web pages, or user-generated data), filtering the tool output before it reaches the model is a real gap in most setups.

(Working on this problem at Aeris PromptShield — happy to share attack patterns we've seen if useful)