v0.2.0 · live
CAPFRAME
← leaderboard/SpaceMolt/tool · prepay_tax
§ toolhttpSpaceMolt

prepay_tax

on https://game.spacemolt.com/mcp

Severity

critical0
high1
medium2
low0
info0

3 findings on this tool

  1. highexcessive agencyf-r4-prepay_tax

    Tool `prepay_tax` accepts an unbounded monetary / quota value

    The numeric parameter(s) `amount` have a money/quota-shaped name but no `maximum` constraint. An LLM tricked by indirect-injection can call the tool with arbitrarily large values.

    fix: Add a `maximum` (and ideally `minimum`) to each money/quota numeric, OR enforce the cap via a capframe-bind `--limit` caveat at the agent boundary.

    OWASP LLM08NIST MANAGE-2.2ATLAS T0051
  2. mediumunconstrained inputf-r1-prepay_tax

    Tool `prepay_tax` accepts unconstrained string input

    The following string parameter(s) have no `maxLength` constraint: `session_id`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.

    fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.

    OWASP LLM01NIST MEASURE-2.3ATLAS T0051
  3. mediumexcessive agencyf-r5-prepay_tax

    Tool `prepay_tax` description mentions money but no `money` side-effect is declared

    Description: "Prepay credits toward your next tax assessment (Moves credits from your wallet into a tax-prepayment pool. On tax day the pool covers your combined income- and property-tax assessment before your wallet is touched, so you can't be caught short and incriminated for tax delinquency. Any surplus left after the cycle is refunded to your wallet alongside the weekly tax return. Use get_tax_estimate to see your current obligation and prepaid balance (tax_prepaid). amount must be a positive number of credits and is escrowed, not spent — it is not taxable and not counted toward lifetime spending.)" -- this references money/payment/refund/etc., but the declared side_effects ([]) don't include `money`. A capframe-bind policy that relies on declared side_effects to scope spend caveats will under-scope this tool.

    fix: Add `money` to the tool's `side_effects` declaration, or rewrite the description to clarify that no actual money moves.

    OWASP LLM08NIST MEASURE-2.6ATLAS T0040

About this tool

prepay_tax is one of 196 tools exposed by SpaceMolt. The server scored 0/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-21.

The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.