skills/paymcp/skills/monetization/Gen Agent Trust Hub

monetization

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface by using write and execute capabilities to process external or user-provided data.
      • Ingestion points: Processes user integration requests and reads content from the references/ directory (File: SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the tool definitions.
      • Capability inventory: Employs the Bash and Edit tools, allowing for arbitrary command execution and project-wide file modification (File: SKILL.md).
      • Sanitization: No validation or escaping is performed on external content before it is used to generate or modify server logic.
  • [Unverifiable Dependencies] (MEDIUM): The skill instructs the agent to install the paymcp library for both Python and Node.js.
      • Evidence: Playbook A and Playbook B command the use of npm install paymcp and pip install paymcp.
      • Status: The paymcp library is not associated with any entities in the [TRUST-SCOPE-RULE] list of trusted organizations.
  • [Command Execution] (HIGH): The skill grants the agent access to the Bash tool, enabling direct shell access to the host system.
      • Evidence: Bash is explicitly listed in the allowed-tools section of the skill metadata (File: SKILL.md).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:39 AM