mppx

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md's Client and CLI examples explicitly polyfill global fetch and demonstrate making paid requests to arbitrary URLs (e.g., fetch('https://api.example.com/resource') and npx mppx example.com). The agent will therefore ingest and act on untrusted HTTP responses (402 payment challenges) from public sites, and the content of those responses can materially influence subsequent actions such as performing payments.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payments SDK and includes concrete payment operations and integrations: tempo.charge (one-time TIP-20 stablecoin token transfer), tempo.session (streaming payment channels), stripe.charge (one-time Stripe payment), server API mppx.charge(...) to perform charges, and a CLI that can create wallets and make paid requests. These are specific financial execution primitives (crypto wallet transfers, Stripe charges, updating payment flows), not generic utilities.
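The two findings above share one mitigation pattern: a 402 challenge that arrives from a page the agent happened to fetch must be treated as untrusted input, and the decision to spend money must be made by fixed policy (allowlisted hosts and payees, per-request and per-session caps) rather than by whatever the response says. The following is an added example written for this page; it is not mppx's own code and does not use the mppx API. It assumes a hypothetical challenge format (a JSON 402 body with payee, amountMinor in integer minor units, and currency), a hypothetical allowlist of api.example.com and merchant_123, and an offline stand-in for fetch with constructed responses. The payment/retry step that a real payments SDK would perform after an allow verdict is deliberately left out.

```javascript
// Added example, not code from the mppx project: a policy gate placed in front
// of whatever fetch an agent uses, so an HTTP 402 challenge from an arbitrary
// page is a question for policy, not an instruction to pay.
// Assumed (hypothetical) challenge format: the 402 body is JSON
// {"payee": "<id>", "amountMinor": <integer minor units>, "currency": "USD"}.

const DEFAULT_POLICY = {
  requireHttps: true,
  allowedHosts: new Set(['api.example.com']),   // hypothetical: hosts whose 402s we consider
  allowedPayees: new Set(['merchant_123']),     // hypothetical: payees we are willing to pay
  currency: 'USD',
  maxPerRequestMinor: 50,                       // $0.50 for any single challenge
  maxPerSessionMinor: 200,                      // $2.00 across the whole session
};

function newLedger() {
  return { spentMinor: 0, decisions: [] };
}

// Parse the challenge body defensively; anything malformed is rejected.
function parseChallenge(bodyText) {
  let obj;
  try { obj = JSON.parse(bodyText); } catch { return null; }
  if (!obj || typeof obj !== 'object') return null;
  const { payee, amountMinor, currency } = obj;
  if (typeof payee !== 'string' || payee.length === 0) return null;
  if (!Number.isInteger(amountMinor) || amountMinor <= 0) return null;
  if (typeof currency !== 'string') return null;
  return { payee, amountMinor, currency };
}

function deny(ledger, url, reason) {
  const verdict = { allow: false, reason };
  ledger.decisions.push({ url, ...verdict });
  return verdict;
}

// Synchronous policy decision for one 402 response. Returns {allow, reason}
// and debits the ledger only when the challenge is allowed. No network access.
function decideOn402(url, bodyText, policy, ledger) {
  let parsed;
  try { parsed = new URL(url); } catch { return deny(ledger, url, 'unparseable URL'); }
  if (policy.requireHttps && parsed.protocol !== 'https:') return deny(ledger, url, 'non-https origin');
  if (!policy.allowedHosts.has(parsed.hostname)) return deny(ledger, url, `host not allowlisted: ${parsed.hostname}`);
  const challenge = parseChallenge(bodyText);
  if (!challenge) return deny(ledger, url, 'malformed challenge');
  if (challenge.currency !== policy.currency) return deny(ledger, url, `unexpected currency: ${challenge.currency}`);
  if (!policy.allowedPayees.has(challenge.payee)) return deny(ledger, url, `payee not allowlisted: ${challenge.payee}`);
  if (challenge.amountMinor > policy.maxPerRequestMinor) return deny(ledger, url, 'exceeds per-request cap');
  if (ledger.spentMinor + challenge.amountMinor > policy.maxPerSessionMinor) return deny(ledger, url, 'exceeds session budget');
  ledger.spentMinor += challenge.amountMinor;
  const verdict = { allow: true, reason: 'within policy', challenge };
  ledger.decisions.push({ url, ...verdict });
  return verdict;
}

// Wrap any fetch-like function (needs only .status and .text()). On a 402 the
// policy verdict is handed back to the caller; paying and retrying is the
// payments SDK's job and is intentionally not done here.
async function guardedFetch(fetchImpl, url, init, policy, ledger) {
  const res = await fetchImpl(url, init);
  if (res.status !== 402) return { response: res, verdict: null };
  const verdict = decideOn402(url, await res.text(), policy, ledger);
  return { response: res, verdict };
}

// Constructed offline stand-in for fetch with canned 402 challenges.
const FAKE_CHALLENGES = {
  'https://api.example.com/resource': { payee: 'merchant_123', amountMinor: 25, currency: 'USD' },
  'https://evil.example.net/page':    { payee: 'attacker_999', amountMinor: 25, currency: 'USD' },
  'https://api.example.com/premium':  { payee: 'merchant_123', amountMinor: 5000, currency: 'USD' },
};
function fakeFetch(url) {
  const ch = FAKE_CHALLENGES[url];
  const body = ch ? JSON.stringify(ch) : 'plain page, no payment required';
  return Promise.resolve({ status: ch ? 402 : 200, text: async () => body });
}

async function main() {
  const ledger = newLedger();
  for (const url of [...Object.keys(FAKE_CHALLENGES), 'https://api.example.com/free']) {
    const { verdict } = await guardedFetch(fakeFetch, url, {}, DEFAULT_POLICY, ledger);
    console.log(url, '->', verdict ? `${verdict.allow ? 'PAY' : 'REFUSE'} (${verdict.reason})` : 'no payment challenge');
  }
  console.log('session spend (minor units):', ledger.spentMinor);
}
main();
```

Running it shows the only challenge that passes is the one from an allowlisted host, to an allowlisted payee, under both caps; the attacker's page on evil.example.net and the 5000-cent challenge are refused even though their 402 bodies are well formed. The ledger keeps every verdict, which is what an operator will want when reviewing what an agent spent and why.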

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: MEDIUM
  Analyzed: Mar 23, 2026, 07:27 PM
  Issues: 2