mpp-agent

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes code from a remote source using npx agentcash onboard and performs unversioned global installations of the mppx package from the npm registry.
  • [COMMAND_EXECUTION]: The agent is instructed to use the terminal tool to run various CLI commands, including account creation and wallet logins (mppx account create, tempo wallet login, privy-agent-wallets login).
  • [EXTERNAL_DOWNLOADS]: The instructions require the agent to fetch external SKILL.md files from domains such as tempo.xyz, agents.privy.io, and agentcash.dev using the web_extract tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming instruction data from external URLs. 1. Ingestion points: https://tempo.xyz/SKILL.md, https://agents.privy.io/skill.md, and https://agentcash.dev/skill.md fetched via web_extract. 2. Boundary markers: No explicit delimiters or instructions are used to isolate or ignore embedded directives within the fetched content. 3. Capability inventory: Access to the terminal tool for executing shell commands and curl for network operations. 4. Sanitization: There is no evidence of validation or sanitization of the content retrieved from external URLs before it enters the agent context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 02:27 AM
Security Audit — agent-trust-hub — mpp-agent