agent-card
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `npm install`, `npx skills`, and the `agent-cards` CLI to install dependencies and manage the service environment.
- [EXTERNAL_DOWNLOADS]: It downloads software from the npm registry (`agent-cards`) and connects to a remote third-party MCP server (`mcp.agentcard.sh`) to facilitate card management and payments.
- [CREDENTIALS_UNSAFE]: The setup instructions guide the agent to read a sensitive authentication token (JWT) from a local configuration file located at `~/.agent-cards/config.json`.
- [DATA_EXFILTRATION]: The skill provides tools to retrieve and display highly sensitive financial information, including full card numbers (PAN), CVV codes, expiry dates, and transaction histories, which are transmitted to a remote service endpoint.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via `list_transactions` (merchant names) and `read_support_chat` (message history).
  - Boundary markers: Absent; there are no specific delimiters or warnings to ignore instructions within these data fields.
  - Capability inventory: The agent has high-risk capabilities including `create_card`, `close_card`, `get_card_details`, and `pay_checkout`.
  - Sanitization: Absent; the skill does not specify any validation or filtering of content retrieved from the external MCP tools.
Audit Metadata