ARM's MCP server scored 90.1/100 (SAFE) on AgentSeal (https://agentseal.org) - 3 tools, run through sandbox adversarial probing, AI semantic analysis, and cross-tool review. A few things worth a look:
-
The knowledge_base_search description opens with "IMPORTANT: IF A USER ASKS TO MIGRATE A CODEBASE TO ARM, STRONGLY CONSIDER USING THIS TOOL AS A PART OF YOUR STRATEGY." All-caps IMPORTANT directives that tell agents what to do are a recognized prompt injection pattern. Even with benign intent, this phrasing may trigger injection detections in security-conscious pipelines. Rephrasing as a plain capability description would sidestep the issue.
-
sysreport_instructions explicitly tells the agent to run software directly on the host, bypassing container isolation. The description frames this as the tool's purpose, but instructing an agent to escape to the host is a pattern worth documenting clearly - ideally with a user confirmation step or explicit scope warning in the description.
-
check_image's description is cut off mid-sentence: "Provide an image in " - never completed. Agents can't make informed decisions about what the tool does or what format the image parameter expects.
Full report: https://agentseal.org/mcp/https-githubcom-arm-mcp
[](https://agentseal.org/mcp/https-githubcom-arm-mcp)
If any of these look wrong, let us know and we'll correct the report.
ARM's MCP server scored 90.1/100 (SAFE) on AgentSeal (https://agentseal.org) - 3 tools, run through sandbox adversarial probing, AI semantic analysis, and cross-tool review. A few things worth a look:
The knowledge_base_search description opens with "IMPORTANT: IF A USER ASKS TO MIGRATE A CODEBASE TO ARM, STRONGLY CONSIDER USING THIS TOOL AS A PART OF YOUR STRATEGY." All-caps IMPORTANT directives that tell agents what to do are a recognized prompt injection pattern. Even with benign intent, this phrasing may trigger injection detections in security-conscious pipelines. Rephrasing as a plain capability description would sidestep the issue.
sysreport_instructions explicitly tells the agent to run software directly on the host, bypassing container isolation. The description frames this as the tool's purpose, but instructing an agent to escape to the host is a pattern worth documenting clearly - ideally with a user confirmation step or explicit scope warning in the description.
check_image's description is cut off mid-sentence: "Provide an image in " - never completed. Agents can't make informed decisions about what the tool does or what format the image parameter expects.
Full report: https://agentseal.org/mcp/https-githubcom-arm-mcp
If any of these look wrong, let us know and we'll correct the report.