pay-with-any-token

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses 402 challenge responses from remote services (see "Step 1 — Parse the 402 Challenge" in SKILL.md and Phase 6 in references/credential-construction.md) and directly uses untrusted fields (amount, token, recipient, chainId, etc.) to decide and execute swaps, bridges, and signing operations, so third‑party content can materially change the agent's tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly downloads and executes a remote install script at runtime using curl -fsSL https://tempo.xyz/install -o /tmp/tempo_install.sh && ... bash /tmp/tempo_install.sh, which fetches and runs remote code as a required setup step (high-risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move money. It defines end-to-end payment flows: detecting HTTP 402 payment challenges and satisfying them by funding a Tempo wallet using on-chain operations. It requires crypto credentials (cast keystore or PRIVATE_KEY), uses the Uniswap Trading API to create and broadcast swaps and cross-chain bridges, instructs signing permits and EIP-3009 transferWithAuthorization payloads, and describes broadcasting transactions, polling confirmations, and transferring bridged funds into the Tempo wallet. These are specific crypto/blockchain payment APIs and transaction-sending operations (swaps, bridges, signing, broadcasting), not generic tooling. Therefore it grants direct financial execution capability.