AGENTFORCE-MCP-01: Token Passthrough Exposure Configuration
🚨 Critical · Headless MCP Access
Detects MCP server configurations that use static OAuth client IDs without PKCE enforcement, are missing Device Authorization Grant patterns, or lack Flex Gateway routing policies. The rule is meant to prevent token passthrough attacks, in which session credentials are exposed to external agents.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-MCP-01 |
| Severity | Critical |
| Category | Headless MCP Access |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-MCP-01.