Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 87% confidence
- Finding
- The documented purpose presents the skill as a WeCom messaging/channel plugin, but the analysis indicates additional capabilities such as calendar, document/table operations, MCP/JSON-RPC bridging, and upstream enterprise message sending. Undisclosed privileged actions materially expand the attack surface and can lead users to grant trust or credentials for a narrow purpose while the skill can perform broader data access and remote action workflows.
