payram-no-kyc-crypto-payments
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides an installation command that downloads a script from 'https://get.payram.com' and pipes it directly to the bash shell. This facilitates execution of remote code on the target system.
- [COMMAND_EXECUTION]: Setup instructions include the use of 'ssh root@' for server access, indicating that the deployment process requires administrative privileges on the infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill references external URLs and resources maintained by the vendor, including official domains and GitHub repositories for setup and integration.
- [PROMPT_INJECTION]: The skill identifies ingestion points for untrusted data, such as customer email and IDs during payment initiation in SKILL.md. It lacks explicit boundary markers for this data, which is handled near capabilities like command execution. The skill documentation notes the use of API key validation for webhook sanitization.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.payram.com - DO NOT USE without thorough review
Audit Metadata