Skills
skills/tenequm/skills/mpp/Gen Agent Trust Hub

mpp

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation instructs users and agents to execute npx mppx for account management and network requests. This utility downloads and runs arbitrary code from the NPM registry at runtime without version pinning or integrity verification.
  • [EXTERNAL_DOWNLOADS]: The skill requires multiple third-party dependencies from unverifiable sources, including mppx, pympp, and @buildonspark/lightning-mpp-sdk. Notably, the references/tempo-method.md file suggests using @anthropic-ai/mpp, a package name that mimics official Anthropic naming conventions but is not an established library, indicating potential impersonation or typosquatting.
  • [CREDENTIALS_UNSAFE]: The SKILL.md file contains a hardcoded API key pattern (sk-...) within a proxy configuration example. While presented as an example, this matches the signature of live credentials and includes a pragma to suppress security scanners.
  • [PROMPT_INJECTION]: The skill describes a protocol where the agent is expected to ingest and act upon WWW-Authenticate challenges from external servers.
  • Ingestion points: 402 challenge headers (WWW-Authenticate) and MCP error data from third-party tools.
  • Boundary markers: None identified; the skill suggests that clients should handle challenges "transparently" or "automatically."
  • Capability inventory: Signing cryptographic transactions, spending digital assets (stablecoins/Bitcoin), and performing network operations based on external challenge data.
  • Sanitization: The skill relies on Zod validation defined within its own external SDKs, which is not verified by this analysis.
  • [COMMAND_EXECUTION]: The instructions require the agent to perform various shell-based operations, including account creation and wallet management (mppx account create, tempo wallet sessions close), which modify local system state and manage sensitive financial data.
  • [DATA_EXFILTRATION]: By design, the protocol transmits payment credentials—which may include transaction signatures and user-specific identifiers—to external 'realms' defined by the server providing the 402 challenge.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 9, 2026, 05:01 PM