teneo-agents

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly invokes agents that fetch and ingest open/public user-generated web content (e.g., Amazon agent "product/reviews", Google Maps "business/reviews", Instagram "comments/hashtag", TikTok "video/hashtag", and Google Search "search" as shown in SKILL.md), and those scraped texts are read/processed as part of the agents' workflows and can drive downstream decisions or CLI actions, creating a clear avenue for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly states that the bundled Teneo agents "perform real tasks — token swaps" and exposes a CLI to send commands to agents (e.g., ~/teneo-skill/teneo command " "). The available agents list includes crypto/trading-specific agents (e.g., Predexon Prediction Market Trading, Squid Router, Uniswap-related agents, CoinMarketCap, CryptoQuant, LayerZero, Aave V3 components) and the description calls out token swaps and trading-related functionality. Per the decision logic, this is a specific crypto/blockchain capability (swaps/transactions) intended to move value, not a generic tool. Therefore it grants Direct Financial Execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 16, 2026, 04:47 AM
  • Issues: 2