Skills
skills/cartridge-gg/docs/slot-paymaster/Gen Agent Trust Hub

slot-paymaster

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection.
  • Ingestion points: Ingests data from an external GitHub repository (github.com/cartridge-gg/presets) via the add-from-preset command and from the local filesystem via the add-from-json command.
  • Boundary markers: Absent; there are no delimiters or instructions to the agent to ignore embedded commands within the ingested content.
  • Capability inventory: The skill has the capability to modify financial configurations, including budget allocation and sponsorship policies, via the slot CLI.
  • Sanitization: Absent; no validation or filtering of the ingested external content is performed.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads policy presets from github.com/cartridge-gg/presets. This organization is not on the trusted list, and fetching remote configurations poses a risk of malicious policy injection.
  • [COMMAND_EXECUTION] (LOW): The skill routinely executes shell commands using the slot CLI tool to perform its stated management functions, which is expected but provides an execution surface for injected content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:27 AM