pay-with-any-token
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads an installation script from 'https://tempo.xyz/install' to a temporary directory and executes it using 'bash'. This automated setup of the Tempo CLI constitutes remote code execution from a source outside the verified trusted vendor list.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'Bash' tool to run utilities including 'curl', 'jq', 'cast', and 'tempo'. These commands are used to interact with blockchain RPCs, manage wallet credentials, and construct signed transactions.
- [EXTERNAL_DOWNLOADS]: The skill fetches the Tempo CLI installer and communicates with the Uniswap Trading API and various blockchain RPC endpoints (e.g., 'eth.llamarpc.com', 'mainnet.base.org'). It also specifies the installation of Node.js packages 'mppx' and 'viem' for credential handling.
- [PROMPT_INJECTION]: The skill processes HTTP 402 challenge responses, including headers and JSON bodies, which originate from external services. This represents an indirect prompt injection surface. Evidence chain:
  - Ingestion points: 402 challenge headers ('WWW-Authenticate') and bodies parsed in 'SKILL.md' and 'credential-construction.md'.
  - Boundary markers: None explicitly defined in the agent prompts, although instructions contain manual validation rules.
  - Capability inventory: Powerful tools including 'Bash' (curl, cast, tempo) and 'AskUserQuestion' for initiating transactions.
  - Sanitization: The skill includes explicit instructions to reject shell metacharacters (;, |, &, etc.) from incoming data to mitigate command injection risks.
Recommendations
- HIGH: Downloads and executes remote code from: https://tempo.xyz/install - DO NOT USE without thorough review
- AI detected serious security threats