tempo

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly reads and searches third-party public documentation at https://docs.tempo.xyz/api/mcp and browses public source repositories (tempoxyz/tempo, tempoxyz/tempo-ts, paradigmxyz/reth, foundry-rs/foundry, wevm/viem, wevm/wagmi), so the agent ingests open web content that could contain untrusted or user-generated input and thus enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on a blockchain payments protocol: it targets the Tempo network, TIP-20 tokens, stablecoins, Tempo transactions, fee sponsorship, and a native stablecoin DEX, and references the Tempo TypeScript SDK and node implementations. Those concepts and SDKs are specifically designed for crypto financial operations (wallets, token transfers, swaps, signing and submitting transactions). Even though the provided MCP tools are for browsing docs and source, the skill's primary and explicit purpose is working with on-chain transactions and token/DEX functionality, i.e., moving value. Therefore it qualifies as Direct Financial Execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:45 PM