gpt-agreement-payment-replay
Fail
Audited by Snyk on Apr 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The listed URLs include legitimate APIs and local endpoints, but they also point to an unknown GitHub repository and a third-party site that instruct the user to clone and run unverified code (including automation, network tools, and custom binaries/scripts). While these are not direct .exe downloads, they pose a moderate-to-high risk of distributing malware or enabling abusive actions if the repository or the fetched packages are malicious or compromised.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This repository is explicitly designed to automate and evade payment/anti‑fraud controls (Stripe/PayPal replay, hCaptcha visual solver, proxy/IP rotation, Cloudflare abuse, self‑healing daemon) to obtain and persist ChatGPT subscription refresh_tokens and related credentials, i.e., deliberate fraud/credential theft and anti‑abuse evasion.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill autonomously browses and interacts with live third-party sites (Stripe, PayPal, ChatGPT, Cloudflare/hCaptcha). It explicitly ingests hCaptcha challenge prompts/images via CTF-pay/hcaptcha_auto_solver.py (used with a Playwright page) and via pipeline.py/CTF-pay/card.py, so untrusted web content is parsed and used to drive clicking and flow decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to automate payment flows: it implements "Stripe Checkout → PayPal billing agreement" replay, includes a large Stripe checkout replay module, PayPal credentials/TOTP fields in config, Stripe confirm and poll-for-succeeded logic, and WebUI/API endpoints to trigger single, batch, and daemon runs that execute those flows. Those are specific payment-gateway integrations and actions to create/confirm billing/payment agreements (i.e., move money/subscriptions), not generic browser automation. Therefore it grants Direct Financial Execution authority.
Issues (4)
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata