coinpaprika-api
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to connect to an external Model Context Protocol (MCP) server at
https://mcp.coinpaprika.com/sseand to install plugins from thecoinpaprikanamespace. These resources are associated with the official CoinPaprika service. - [COMMAND_EXECUTION]: Includes setup steps requiring the execution of plugin management commands, such as
/plugin marketplace add coinpaprika/claude-marketplaceand/plugin install coinpaprika@coinpaprika-plugins. - [PROMPT_INJECTION]: The skill ingests data from external API endpoints (e.g., coin descriptions and event data) which represents a surface for indirect prompt injection.
- Ingestion points: Data retrieved via tools like
getCoinByIdandgetCoinEventsfrom the CoinPaprika API. - Boundary markers: None specified in the instructions.
- Capability inventory: Tools are focused on market data retrieval; no capabilities for shell execution, file system modification, or network requests outside the API scope are present.
- Sanitization: Not specified.
Audit Metadata