Microsoft warns that poisoned MCP tool descriptions can steer AI agents into leaking sensitive data through approved tool calls.