payram-crypto-payments

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to execute 'git clone https://github.com/PayRam/payram-helper-mcp-server' followed by 'yarn install && yarn dev'. Downloading and running arbitrary code from an untrusted third-party source in this way is a significant security risk.
  • EXTERNAL_DOWNLOADS (HIGH): Code is sourced from 'github.com/PayRam', which is not a verified trusted organization. A compromise of this repository could lead to the execution of malicious code on the host system.
  • COMMAND_EXECUTION (HIGH): The direct use of 'yarn install' and 'yarn dev' on external code allows for the execution of potentially malicious scripts with the agent's system privileges.
  • PROMPT_INJECTION (LOW): The tool 'assess_payram_project' scans the local codebase, creating a surface for indirect prompt injection.
    1. Ingestion points: Local project files are read by the tool.
    2. Boundary markers: No delimiters or protective instructions are identified to prevent the agent from following instructions found in the scanned files.
    3. Capability inventory: The skill possesses significant capabilities including repository cloning, package installation, and application scaffolding (file writes).
    4. Sanitization: No evidence of input validation or content escaping for the scanned data is mentioned.
  • COMMAND_EXECUTION (MEDIUM): The 'scaffold_payram_app' tool performs dynamic code generation and file system writes, which are sensitive operations that could be exploited to place malicious files on the system if logic is influenced by malicious inputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 01:31 PM