ovra-agentic-payments
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to remote MCP server endpoints at `api.getovra.com` and `mcp.getovra.com` to facilitate payment processing and account management.
- [COMMAND_EXECUTION]: The skill provides tools that can perform sensitive and high-impact operations, including issuing virtual Visa cards (`ovra_card:issue`), provisioning agents (`ovra_agent:provision`), and permanently deleting customer data (`ovra_customer:gdpr_delete`).
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes untrusted data from external merchants and web APIs (e.g., during checkouts or 402 error handling) which can influence the agent's behavior.
  - Ingestion points: Data enters the agent context through merchant responses in `ovra_pay`, transaction details in `ovra_intent`, and merchant metadata in `ovra_merchant`.
  - Boundary markers: The instructions include explicit guidelines for 'Agent vs Human boundaries', requiring human approval for high-value intents, policy changes, and data deletion.
  - Capability inventory: The skill has broad capabilities across its scripts, including managing credit cards (`ovra_card`), executing financial transactions (`ovra_pay`), and managing user identity/GDPR data (`ovra_customer`).
  - Sanitization: No explicit sanitization or input validation logic is defined within the provided skill instructions to filter instructions embedded in merchant-provided data.
Audit Metadata