mpp-tempo-method
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on external data ingestion.
- Ingestion points: The instructions direct the agent to fetch live documentation from
https://mpp.dev/overviewand perform web searches for sample code on GitHub and general web searches for blockchain details. - Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores potentially malicious commands embedded in the fetched documentation or search results.
- Capability inventory: The skill is configured with powerful tools including
Write,Edit, andBash, which could be exploited if the agent encounters and follows instructions hidden in the external data. - Sanitization: There is no specified logic to sanitize, validate, or filter the content retrieved from external sources before the agent processes it.
Audit Metadata