agent-card
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references the official Agent Cards website (agentcard.sh) and its associated MCP server repository on GitHub (github.com/agent-cards/mcp). These are consistent with the skill's stated purpose and originate from the verified vendor.
- [COMMAND_EXECUTION]: Setup instructions include 'npx' commands ('npx agent-cards signup', 'npx agent-cards setup-mcp') for account creation and environment configuration. These are standard initialization steps for the service and do not execute hidden or malicious payloads.
- [CREDENTIALS_UNSAFE]: The README provides instructions for manual configuration using a JWT token stored in a local config file ('~/.agent-cards/config.json'). It correctly uses a placeholder ('') rather than hardcoding actual secrets.
- [PROMPT_INJECTION]: The SKILL.md file contains operational instructions for the AI agent but does not include patterns aimed at bypassing safety filters or overriding system instructions. It includes safety-oriented guidelines, such as requiring explicit user confirmation before closing cards or displaying sensitive card details (PAN/CVV).
Audit Metadata