diff --git a/.mcp.json.example b/.mcp.json.example
index d0f68704..99531813 100644
--- a/.mcp.json.example
+++ b/.mcp.json.example
@@ -3,7 +3,7 @@
 "molecule": {
 "type": "stdio",
 "command": "npx",
- "args": ["-y", "@molecule-ai/mcp-server"],
+ "args": ["-y", "@molecule-ai/mcp-server@1.0.0"],
 "env": {
 "MOLECULE_URL": "http://localhost:8080"
 }
diff --git a/workspace-server/internal/handlers/memories.go b/workspace-server/internal/handlers/memories.go
index faea5ff9..824e40e5 100644
--- a/workspace-server/internal/handlers/memories.go
+++ b/workspace-server/internal/handlers/memories.go
@@ -179,6 +179,14 @@ func (h *MemoriesHandler) Commit(c *gin.Context) {
 content := body.Content
 content, _ = redactSecrets(workspaceID, content)
+ // SAFE-T1201: prevent delimiter spoofing in GLOBAL memories (#807).
+ // If content contains the delimiter prefix "[MEMORY ", an attacker could
+ // craft a fake nested delimiter to inject instructions when the memory
+ // is read back. Escape the bracket so it renders as text, not structure.
+ if body.Scope == "GLOBAL" {
+ content = strings.ReplaceAll(content, "[MEMORY ", "[_MEMORY ")
+ }
 var memoryID string
 err := db.DB.QueryRowContext(ctx, `
 INSERT INTO agent_memories (workspace_id, content, scope, namespace)
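Review bot: The new `strings.ReplaceAll` line only matches the exact byte sequence `[MEMORY ` (case-sensitive, one ASCII space), so this sanitization is only as strong as the read-back parser is strict; if that parser, which is not visible here, is more lenient than this literal, the two disagree and the store-time rewrite does not close the gap. A more robust home for the defense is the read-back path (escape or encode stored content when the memory is rendered, or frame it with a delimiter that cannot occur in stored content), because the rewrite here is lossy rather than an escape — legitimate `[_MEMORY ` text and rewritten text are indistinguishable afterwards — and it is skipped entirely for non-GLOBAL scopes, which may be intended but is not explained. The comment on the fourth added line says "Escape the bracket", while the code actually inserts an underscore after it; suggest `// Rewrite the prefix so the read-back parser does not treat it as a delimiter.` so the comment matches the behaviour. Commit's body starts and ends outside this hunk.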