pay-with-any-token

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses arbitrary 402 challenge bodies from service/resource URLs (see "Step 1 — Parse the 402 Challenge" in SKILL.md and the credential/x402 flows) and consumes quotes/responses from public Uniswap Trading API endpoints to decide swaps/bridges and transaction actions, so untrusted third-party content can directly influence tool use and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup step runs a runtime fetch-and-execute of an install script via curl "https://tempo.xyz/install" which downloads and then executes remote code (bash /tmp/tempo_install.sh) and is required for the skill to function, so it directly executes external code at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move money. It contains concrete, actionable blockchain payment and execution steps: installing and using the Tempo CLI to fulfill HTTP 402 payment challenges; swapping tokens via the Uniswap Trading API (quotes, approvals, permit signing, /swap broadcast); bridging tokens to the Tempo wallet (cross-chain bridge via the Trading API); and signing on-chain authorizations (EIP-3009, permitData, transaction broadcasts). It requires PRIVATE_KEY and UNISWAP_API_KEY, instructs how to construct and submit transactions, and enforces confirmation gates before broadcasting. These are specific crypto/financial execution capabilities (wallet management, swaps, bridge, signing and submitting transactions), so this skill grants direct financial execution authority.