Model Context Protocol (MCP) servers enable AI agent integration but introduce security vulnerabilities through prompt injection attacks. Three main attack vectors are explored: external prompt injection (hidden malicious instructions in parsed content), tool prompt injection (malicious instructions in tool descriptions), and cross-tool hijacking (one tool contaminating another through concatenated descriptions). Testing with Claude Sonnet 4.5 shows modern models can detect some attacks but remain vulnerable, especially to cross-tool hijacking. Mitigation strategies include carefully reviewing agent actions before approval, regularly auditing installed MCP servers, and preferring self-developed servers over third-party ones.