payram-stablecoin-payments

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill points to the PayRam/payram-helper-mcp-server repository. Because 'PayRam' is not a trusted organization, this external reference is considered a high-risk download finding.
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the user or agent to run yarn dev within a cloned repository from an untrusted source. This creates a direct path for the execution of unverified third-party scripts.
  • COMMAND_EXECUTION (MEDIUM): The documentation suggests executing shell commands (cd payram-helper-mcp-server && yarn dev) to start the server, which can be exploited if the environment or repository contents are untrustworthy.
  • DATA_EXFILTRATION (LOW): The skill utilizes axios to send data to a non-whitelisted domain (defined by ${PAYRAM_BASE_URL}). While intended for payment processing, any network operation to an external, untrusted endpoint carries a low risk of data exposure.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its data ingestion surfaces.
    1. Ingestion points: Customer data such as customerEmail and customerId are processed in the axios.post snippet.
    2. Boundary markers: None are present to delimit untrusted data from instructions.
    3. Capability inventory: The skill includes network operations via axios and command execution via yarn dev.
    4. Sanitization: There is no evidence of sanitization or validation of the ingested customer data before it is processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 21, 2026, 01:55 PM