Visual prompt injection targeting the Model Context Protocol (MCP) is particularly dangerous because it allows attackers to embed hidden commands in images—such as steganographic text, low-contrast instructions, or adversarial patterns—that vision-capable models interpret as legitimate input. When processed, these visual payloads can manipulate the model’s behavior or trigger unintended tool use via MCP, such as accessing APIs, databases, or external systems. This bypasses traditional input sanitization and can result in unauthorized actions, data leakage, or compromise of downstream autonomous agents, posing a serious threat in agentic and multimodal AI systems.