tempo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to relay auth URLs and verification codes (e.g., the --no-browser login flow) verbatim to the user, which requires the LLM to handle/output sensitive authentication material directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The list mixes legitimate-looking official hosts (tempo.xyz, cli.tempo.xyz, GitHub repos/orgs with release assets and signature/checksum tooling) with high-risk patterns: an explicit curl | bash install URL, direct release/binary download links (GitHub release assets, cli.tempo.xyz binaries), and example/“evil” placeholders — together these make the sources potentially dangerous unless every downloaded binary is checksum- and signature-verified before execution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). High likelihood: the skill’s runtime workflow uses tempo wallet -t services --search <query> and tempo request ... <SERVICE_URL>/<ENDPOINT_PATH>, which fetches outsider-authored service directory/endpoint metadata and server response bodies (free text) that can be included in the agent’s LLM context via CLI output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's required setup explicitly instructs running "curl -fsSL https://tempo.xyz/install | bash" (and also suggests fetching https://tempo.xyz/SKILL.md), which fetches and executes remote code at runtime, so this is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides wallet and payment functionality: it provisions on-chain keys ("provision a fresh key"), requires wallet login, shows wallet address and balance, supports funding the wallet (tempo wallet fund), and the CLI performs "automatic payment handling" for tempo request calls. It also exposes spend controls (--max-spend, TEMPO_MAX_SPEND) and handles on-chain signature/version errors. These are specific crypto/wallet/payment primitives (wallet management, funding, signing/payment for requests) that enable direct financial execution.