A few weeks ago, we showed how a straightforward prompt-injection exploit can leak private SQL tables via the Supabase MCP integration in Cursor. Unfortunately, most MCP clients remain vulnerable. In this post, we reveal a far more powerful and generalizable attack: by abusing Claude's iMessage integration, an attacker can mint unlimited Stripe "coupons" (i.e. account credits in your payment system), or invoke any tool with arbitrary parameters, without alerting the user. The Problem This attack...