A controlled empirical study across LangChain, MCP, and the Anthropic API. 3,274 trials measuring how injected instructions propagate through multi-step agent pipelines. Task framing, not framework architecture, drives vulnerability.
Across 3,274 controlled trials, task framing was found to drive vulnerability more than framework architecture. Instruction-following tasks reached 91% injection success rates under adversarial framing, with success correlating to instruction authority framing rather than payload complexity.
Hardened system prompts achieved 100% IPI mitigation across all tested frameworks. MCP adds no measurable attack surface relative to the raw API under equivalent task structures. Dataset and framework are open-sourced on GitHub and Zenodo.