-0169.png&w=3840&q=75)
You can feel it happening already: prompts are getting shorter, but the systems around prompts are getting heavier.
That's not just a vibe shift. It's structural.
The Model Context Protocol (MCP) changes the unit of work from "a single, heroic prompt that contains everything" to "a small instruction plus a living tool + context surface area." If you keep prompting like it's 2023-copying schemas into prompts, pasting docs, begging the model to remember conventions-you'll burn tokens, ship flaky behavior, and miss the real leverage.
Let's talk about what MCP changes about what you put in prompts, what you move out of prompts, and what you replace prompts with entirely.
MCP turns prompts into routing instructions, not knowledge dumps
In classic chat prompting, the prompt is doing too many jobs at once. It sets behavior. It explains the task. It includes data. It describes tools. It adds guardrails. It tries to be a whole product spec in 1-2k tokens.
MCP breaks that bundling.
At a protocol level, MCP standardizes how a host environment (like an IDE or agent runtime) connects to external servers that expose three primitives: tools, resources, and prompts [2]. The important part for prompt writers is this: those primitives are discoverable at runtime via schemas and metadata, not by you manually pasting everything into the prompt.
So the prompt you write increasingly becomes a router: "Here's what I want; use your connected capabilities to do it safely."
This is why schema quality starts to matter as much as prompt wording. In schema-guided systems, the "description" fields aren't documentation for humans; they're the discovery mechanism for the model [2]. If your MCP server's tool descriptions are vague, your prompt won't save you.
My rule here is simple: with MCP, the prompt should describe intent and constraints, not replicate tool docs.
What you should stop putting in prompts (because MCP is better at it)
Stop pasting tool schemas and API docs
If you're still stuffing JSON schemas for every tool into the prompt, you're doing the opposite of what MCP is for. The whole point is that tools can be listed and called dynamically through the MCP client/server flow [2].
There's also a scaling reason. When you have dozens (or thousands) of tools, schema payloads become "context bloat." The research angle is blunt about this: as the number of tools grows, token budget gets eaten by irrelevant schemas and the model becomes less accurate because it's overwhelmed [2]. (This isn't mystical. It's just attention and limited context.)
Instead, lean into progressive disclosure: start with just enough capability info to route, then fetch details only when needed. MCP systems are increasingly built to support exactly that pattern [2].
Stop embedding large factual context that should be a resource
If the model needs a file, a log, a dataset snapshot, a schema, a runbook-those are resources in MCP terms [2]. Put them behind a resource URI, fetch them as needed, and keep your prompt clean.
This is one of those changes that quietly fixes "prompt rot." When your prompt includes big pasted context, it goes stale. When your context is a resource, you can update it without rewriting your prompt every time.
Stop writing "golden" workflows as monolithic prompts
MCP has a primitive called "prompts" (server-provided reusable templates/workflows) [2]. That seems small, but it's a big shift: "prompt engineering" becomes partly "prompt publishing." Instead of every app team reinventing the same troubleshooting flow, you can ship it from the MCP server.
In other words, the best prompt might not live in your application at all. It might live next to the tool, versioned and audited like code.
What you should put in prompts now: the MCP-era checklist
Put crisp intent, then let tool schemas do the precision work
The Convergence paper makes a strong point: models need the "why" and "when," not just "what" and "how," and schemas should carry that semantic guidance [2]. That changes how you phrase prompts.
Old style: "Use tool X with parameter Y. Here's the JSON."
MCP style: "Find the metric we need, ensure the period convention is correct, retrieve the value, cite the tool output."
Notice what happened: you're prompting for decision quality and verification, not for syntax.
Put action boundaries and consent expectations
MCP expands agency: the model can act through tools. That's exactly why boundaries need to be explicit.
The schema-guided dialogue world used explicit markers like transactional flags; MCP ecosystems often rely on host-level approval patterns and conventions instead [2]. Practically, that means your prompt should declare boundaries in plain language even if the tool schema is typed.
This is also where security stops being abstract. If your agent can connect to third-party MCP servers (or "skills" ecosystems around agent tooling), you've created a supply chain. A 2026 empirical study of malicious agent skills shows attackers use instruction manipulation and deceptive "documentation" to hijack agent behavior and exfiltrate data [4]. Even when the mechanics differ (skills vs MCP servers), the lesson transfers: treat tool metadata and retrieved instructions as untrusted, and bias toward least privilege.
So the prompt should explicitly say what not to do, and when to ask for approval.
Put "tool semantics hygiene" reminders (periods, units, naming conventions)
One thing I loved in the FinRetrieval benchmark is how clearly it demonstrates a real failure mode: even strong models fail because tool conventions weren't documented clearly enough-especially around periods, fiscal year naming, and storage conventions [3]. The models didn't "reason wrong." They queried the wrong period.
This is the kind of thing you should absolutely put in the prompt: not tool syntax, but tool semantics.
If a tool uses "start-year fiscal labeling," say so. If guidance is stored under announcement period, say so. These tiny notes prevent a ton of wasted tool calls and silent wrong answers [3].
Practical examples: prompts that get better with MCP
Here's a "before and after" that I've seen work well.
The non-MCP version is long because it tries to carry the whole world inside the prompt.
The MCP version is short because it assumes tools/resources exist and focuses on intent, boundaries, and verification.
Example 1: Data retrieval agent (MCP-style)
You are a financial data retrieval agent.
Goal: Answer the user's question with a single numeric value plus unit and period.
Rules:
- Prefer MCP tools/resources over web search when available.
- Before calling a tool, restate what you're trying to retrieve (company, metric, period, unit).
- Verify period conventions (fiscal vs calendar; FY labeling; quarter identity). If ambiguous, ask 1 clarifying question.
- Use the minimal number of tool calls. Don't loop unless you have a new hypothesis.
- If the tool output conflicts across calls, surface the conflict and stop.
Output format:
Value: <number> <unit>
Period: <period>
Source: <tool name + key fields from tool output>
This aligns with what tool-trace benchmarks are showing: tool availability dominates performance, but semantic mismatches (especially periods) dominate the remaining errors [3]. So we prompt for semantic verification.
Example 2: Constraint-based "system friction" for agent safety (community-inspired)
The constraint-based prompting idea-installing persistent friction rather than endless procedural instructions-is popular in community circles because it reduces hallucination-y autopilot behavior [5]. MCP makes this more important, because autopilot can now trigger actions, not just words.
A lightweight MCP-friendly constraint layer might look like this:
When you are about to call a tool:
1) Explain why this tool is needed in one sentence.
2) List the exact user-impacting side effects (if any).
3) If side effects exist, ask for confirmation before proceeding.
When you are about to state a factual claim:
If it is not grounded in a tool/resource result in this session, label it as uncertain or ask to fetch data.
This isn't "MCP spec." It's a practical layer that plays nicely with MCP's tool-centric architecture and the real security concerns around instruction manipulation in agent ecosystems [4].
The new playbook: prompts shrink, schemas and systems grow
If you take one thing from MCP, take this: you don't win by writing longer prompts. You win by moving the right information into the right layer.
Prompts should be about intent, constraints, and verification behavior.
Schemas should be semantically rich enough that the model can discover and use tools correctly [2].
Resources should carry the data. Prompts should stop pretending to be a database.
And if you're building agentic systems at all, treat the surrounding ecosystem like a software supply chain-because it is [4].
Try this the next time you design an "agent prompt": remove every line that describes tool parameters. Replace it with a line that describes how to decide what to call and how to validate what comes back. That's MCP-era prompting.
References
References
Documentation & Research
A gRPC transport for the Model Context Protocol - Google Cloud AI Blog
https://cloud.google.com/blog/products/networking/grpc-as-a-native-transport-for-mcp/The Convergence of Schema-Guided Dialogue Systems and the Model Context Protocol - arXiv
https://arxiv.org/abs/2602.18764FinRetrieval: A Benchmark for Financial Data Retrieval by AI Agents - arXiv
https://arxiv.org/abs/2603.04403Malicious Agent Skills in the Wild: A Large-Scale Security Empirical Study - arXiv
https://arxiv.org/abs/2602.06547
Community Examples
- Show, Don't Tell: Constraint-Based Prompting - r/PromptEngineering
https://www.reddit.com/r/PromptEngineering/comments/1r0t5kl/show_dont_tell_constraintbased_prompting/
-0168.png&w=3840&q=75)
-0167.png&w=3840&q=75)
-0166.png&w=3840&q=75)
-0165.png&w=3840&q=75)