Prevent exposing tool internals in Apps SDK apps

ChatGPT Apps SDK
1

Hi there,

I’m currently building an OpenAI App using the Apps SDK + MCP server and I’m running into an issue where internal tool details are exposed to the end user.

In GPT responses, I sometimes see:

  • Internal identifiers like flightId

  • Phrases like “I will call tool XY” or similar tool invocation reasoning

Example:

“I’ll call the flight_vacancies widget for that flight — flightId XYZ123”

This breaks abstraction and exposes implementation details that should remain hidden from users.

What is the recommended way in Apps SDK / MCP to prevent “leaking” such information, which has a negative impact on the user experience? That said, I have not seen a proper way to give instructions (“System prompt”) to an Apps SDK app yet.

2

Hi @malteCondor

You can add to the server description that the tools are internal and must not be kept secret from the user. This can be reinforced by adding similar instruction to individual tool descriptions as well.

3

Thank you for your prompt reply! :slight_smile: I was under the impression that instructions from new McpServer (@modelcontextprotocol/sdk/server/mcp) is currently not considered within a GPT App, as I haven’t observed any changes in behavior so far. Could you clarify whether MCP-provided instructions are now officially supported and processed by Apps SDK apps?

Adding restrictions to the description for each registerTool is an option though, I will try that.