mpp-agent

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow includes probing and paying a user-supplied merchant URL (e.g., curl -i <url> and then mppx <url>), which can cause the agent to ingest outsider-authored free text from arbitrary public web content/HTTP responses (including www-authenticate challenge text) into the LLM context via the tool outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly tells the agent to use web_extract at runtime to fetch and follow external onboarding SKILL.md files (e.g. https://tempo.xyz/SKILL.md, https://agents.privy.io/skill.md, https://agentcash.dev/skill.md), which injects remote content that directly controls agent instructions and may include commands to execute—thus a runtime dependency that can control prompts/behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute payments: it wraps Machine Payments Protocol clients and provides concrete CLI commands to "pay the request" (e.g., mppx <url>, tempo wallet pay <url>, link-cli mpp pay). It references specific payment tools/providers (Stripe Link / SPT, Tempo Wallet, Privy Agent, AgentCash) and requires a funded wallet or account. These are direct payment/crypto wallet operations (sending funds/attaching payment tokens), not generic automation — therefore it grants direct financial execution capability.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 02:27 AM
Issues
3
Security Audit — snyk — mpp-agent