A nasty SQL injection bug in Anthropic’s now-retired **Postgres MCP server** let attackers blow past read-only mode and run whatever SQL they wanted. The repo got archived back in May 2025—but it’s far from dead. The unpatched package still racks up 21,000 npm installs and 1,000 Docker pulls every week.

**System shift:** This busted-but-popular MCP reference code sits at the core of a lot of AI agents. It’s a quiet reminder: insecure scaffolding still shapes how these systems fetch and handle data.