moonpay-feedback
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the mp command-line interface, which is the official tool belonging to the author, MoonPay.
- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by taking user-provided feedback messages and interpolating them into shell commands. This is an essential feature of the skill's purpose. 1. Ingestion points: The user-provided message in SKILL.md. 2. Boundary markers: The message is encapsulated in double quotes within the mp feedback create command template. 3. Capability inventory: Execution of the mp CLI tool. 4. Sanitization: No explicit sanitization or validation of the message content is performed within the markdown instructions.
Audit Metadata