Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 93% confidence
- Finding
- The skill instructs users to patch a dependency so QR payloads are turned into URLs for a third-party QR generation service, which changes behavior beyond the stated installation/connect workflow and introduces external data exposure. Because the QR content likely contains authentication material for WeChat login, sending it to an external service can leak sensitive login tokens or session bootstrap data and enable account compromise.
