mpp-service-discovery
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and consume live third-party discovery documents (e.g., OpenAPI JSON at service endpoints and llms.txt files from services such as the example llms URL and by fetching https://paymentauth.org/draft-payment-discovery-00.html and https://mpp.dev/overview), which are untrusted public web content that the agent must read and use to drive discovery/payment behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about publishing and exposing payment metadata so AI agents can autonomously find and pay for services. The OpenAPI extensions (x-payment-info) include payment-specific fields (intent, method) and reference concrete payment methods such as "stripe" and "tempo" and use crypto currency identifiers (contract address). Although the document itself is a discovery/specification endpoint rather than an implementation of a payment transaction, its primary and explicit purpose is to enable autonomous payment flows (agents finding and paying for services) and it references specific payment gateways and crypto identifiers. That meets the criteria for being specifically designed for financial operations.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata