diff --git a/docs/profiles.md b/docs/profiles.md
index e85ae1a..0d335d9 100644
--- a/docs/profiles.md
+++ b/docs/profiles.md
@@ -40,10 +40,14 @@
 | Key | Type | Default | Description |
 |---|---|---|---|
 | `enabled_tools` | list[str] | **required** | Tool names available in the main loop |
-| `subagent_tools` | list[str] | `[]` | Tools available to sub-agents spawned from this profile. Falls back to `enabled_tools` (full list) if empty. |
+| `subagent_tools` | list[str] | `[]` | Tools available to sub-agents spawned from this profile. Falls back to `enabled_tools` (full list) if empty. **Also acts as a whitelist for MCP tools** — only `mcp:<server>:<tool>` entries listed here are exposed to the sub-agent. If the list is non-empty and contains no `mcp:` entries, the sub-agent receives no MCP tools at all. |
 
 `spawn_agent` may receive an optional `profile_id`. If omitted, the subagent uses the parent session's current profile. If provided, the subagent uses the selected profile's model, prompt, planning flags, and `subagent_tools`/`enabled_tools` fallback.
 
+### MCP tools in sub-agents
+
+When `subagent_tools` is non-empty, `mcp_servers` is filtered so that only MCP tools whose full name (`mcp:<server>:<tool>`) appears in `subagent_tools` are available to the sub-agent. This prevents a profile's main MCP servers from leaking into restricted sub-agent contexts. To grant a sub-agent access to a specific MCP tool, add it explicitly to `subagent_tools`, e.g. `mcp:navi-web:web_search`.
+
 ### Thinking mechanics
 
 | Key | Type | Default | Description |