mpp-tempo-method

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on external data ingestion.
  • Ingestion points: The instructions direct the agent to fetch live documentation from https://mpp.dev/overview and perform web searches for sample code on GitHub and general web searches for blockchain details.
  • Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores potentially malicious commands embedded in the fetched documentation or search results.
  • Capability inventory: The skill is configured with powerful tools including Write, Edit, and Bash, which could be exploited if the agent encounters and follows instructions hidden in the external data.
  • Sanitization: There is no specified logic to sanitize, validate, or filter the content retrieved from external sources before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — mpp-tempo-method