mpp
Warn
Audited by Snyk on Mar 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's client and transport code (e.g., SKILL.md and references/typescript-sdk.md showing Mppx.create with polyfill that "wraps globalThis.fetch" and references/python-sdk.md's PaymentTransport/httpx wrapper) automatically parse and act on WWW-Authenticate/JSON-RPC "challenge" payloads returned by arbitrary external APIs (e.g., fetch('https://api.example.com/data')), meaning the agent ingests untrusted third-party challenge data and uses it to drive payments and subsequent requests.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payments SDK/protocol. It defines concrete payment methods (Tempo stablecoins, Stripe cards, Lightning Bitcoin), shows SDK functions to create accounts and sign/pay (privateKeyToAccount, npx mppx account create), and exposes explicit payment operations (mppx.charge, mppx.session, tempo({ account }), stripe.charge, spark.charge, payment receipts/challenges, opening channels, off-chain vouchers). It also documents proxying APIs behind payments and MCP tool calls requiring payment. These are specific, purpose-built financial execution primitives (crypto wallets, payment gateways, charge/session intents), not generic tooling.
Issues (2)
W011 — MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009 — MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).