teneo-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes commands that explicitly print or export the wallet private key (wallet-export-key and export-login which prints "export TENEO_PRIVATE_KEY=..."), which would require the LLM to handle and potentially emit secret private key values verbatim if those commands are run or their output relayed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the CLI to query live Teneo network agents (see "Use this skill when" and the "Live Agent Examples"/"Available Agents" entries such as Google Search, Amazon, Instagram, TikTok) which fetch open/public social media and website content that the agent must read/interpret as part of its workflow and whose responses can influence subsequent commands, payments, or deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs installing and running remote code at runtime via the installer command "npx -y @teneo-protocol/cli", which fetches and executes package code from the npm registry and is required if the bundled CLI is missing.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes cryptocurrency wallet and payment functionality and is designed to move funds. It describes auto-generating encrypted wallets, signing on-chain transactions, handling x402 USDC micropayments, swaps/bridges/trades, and automatically paying agent fees. The command reference includes wallet-send , wallet-export-key (private key export), wallet-balance/check-balance, wallet-init, wallet-address, quote/command workflows that auto-resolve payment chains, and options to select payment chain (base|avax|peaq|xlayer). Those are specific crypto/blockchain/payment operations (signing transactions and sending USDC) rather than generic tooling, so this skill grants direct financial execution authority.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly guides creating, deploying, and installing background agent services (agent deploy / daemon management, systemd/launchd checks) and includes wallet private-key export, which modifies the host's runtime state and can run arbitrary code as services even though it doesn't request sudo; this poses a meaningful risk of compromising the machine.