agent-card
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing the 'agent-cards' CLI package from the public NPM registry and uses 'npx' for skill deployment.
- [COMMAND_EXECUTION]: Utilizes the 'agent-cards' command-line tool for account management, card listing, and configuring the MCP server within the agent environment.
- [DATA_EXFILTRATION]: The skill provides tools like 'get_card_details' that can retrieve sensitive virtual card information (PAN, CVV, expiry). This is the intended primary purpose of the skill and is accompanied by explicit safety instructions for the agent to only reveal this data upon user request.
- [PROMPT_INJECTION]: The skill processes external data from transaction logs and support chats, which constitutes an indirect prompt injection surface.
  - Ingestion points: 'list_transactions' (merchant fields) and 'read_support_chat' (message history).
  - Boundary markers: None; external data is processed without specific delimiters or isolation instructions.
  - Capability inventory: The skill can execute CLI commands, access sensitive card data, and perform network requests via MCP tools.
  - Sanitization: The instructions do not define any sanitization or validation logic for external data strings.
Audit Metadata