tempo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to discover and call arbitrary public services using the tempo CLI (e.g., "tempo wallet -t services" and "tempo request ... <SERVICE_URL>/<ENDPOINT_PATH>"), to fetch endpoint docs/llms.txt and server responses, and to act on those responses (including 402 payment challenges), so untrusted third‑party content from service metadata and API responses can directly influence tool use, payment decisions, and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly tells users to run a remote installer with code-execution at runtime via "curl -fsSL https://tempo.xyz/install | bash", which fetches and directly executes remote code that the skill depends on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides wallet and payment functionality: it requires running "tempo wallet login", exposes wallet address/balance and network/key fields, instructs funding the wallet with "tempo wallet fund", mentions keys provisioned on-chain and signature versions, and uses "tempo request" to call paid services with automatic payment handling and a --max-spend/TEMPO_MAX_SPEND spend cap. These are specific crypto/wallet/payment operations (on‑chain keys, funding, and spending), not a generic HTTP tool, and therefore grant direct financial execution capability.