teneo-agent-deployment

Fail

Audited by Snyk on Apr 2, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit instructions and command examples that embed secrets verbatim (e.g., echo "OPENAI_API_KEY=sk-..." into .env and guidance around a PRIVATE_KEY value), so an agent following it may be required to output or insert sensitive keys directly — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly defines command-based agents that accept and process external URLs and social media commands (e.g., "analyze " in the "Choose Your Path" section and the "Advanced Metadata Example" commands "profile", "timeline", "post_stats" which describe fetching public profiles and posts), meaning the agent is expected to fetch and interpret untrusted, user-generated third-party web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's immediate setup runs "npx -y @teneo-protocol/cli" (which fetches and executes an external npm package at install/runtime) and the scaffold/build steps fetch and compile the Go SDK from https://github.com/TeneoProtocolAI/teneo-agent-sdk, so remote code is retrieved and executed as a required runtime dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes crypto/blockchain payment and wallet functionality. It describes generating a private key/wallet identity, minting an on-chain NFT (nft.Mint()), handling USDC payments via x402 micropayments, RPC endpoint / chain interactions, and SDK methods that trigger or request on-chain transactions (TriggerWalletTx, SubmitForReview/WithdrawPublic with creator_wallet & token_id, GetRequesterWalletAddress). These are specific blockchain wallet & transaction operations (signing/sending on-chain transactions and settlement in USDC), which qualify as direct financial execution capability.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs the agent to autonomously install tooling, scaffold and build binaries, and "install as a background service" (systemd/launchd) and manage deployment lifecycle — persistent system changes that modify machine state even though it doesn't explicitly call sudo.

Issues (5)

HIGH W007: Insecure credential handling detected in skill instructions.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 2, 2026, 07:13 AM
Issues: 5