Thanks.
Yes, I know it has nothing to do with background agent!
I was saying that it’s surprising that a new feature (background agent) is being security audited (or it was during beta I believe?), but a feature that has been out longer (MCP) seems to still have security issues.