ovra-agentic-payments
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill interfaces with the official Ovra API (api.getovra.com) to facilitate payments, which is the stated purpose of the extension.
- [SAFE]: Security is enhanced by the use of Device Primary Account Numbers (DPAN) and cryptograms, ensuring that actual credit card numbers (PAN) are never exposed to the agent or stored in logs.
- [SAFE]: The skill includes explicit human-in-the-loop requirements for sensitive actions such as provisioning agents, changing policies, or approving high-value transactions.
- [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection due to its core functionality of processing external data. Ingestion points: Untrusted data enters the agent context via the ovra_pay tool (URL) and the ovra_receipt tool (file content) in SKILL.md. Boundary markers: No explicit delimiters or instruction-ignoring delimiters are provided in the documentation examples. Capability inventory: The skill is capable of performing financial transactions and network requests via the Ovra API as defined in SKILL.md. Sanitization: No explicit sanitization or input validation logic is detailed within the prompt instructions provided.
Audit Metadata