mcp-charge-pix
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to set up the MCP environment using
npx -y kobana-mcp-charge. This downloads the vendor-owned package from the NPM registry to provide the necessary tool functionality.\n- [EXTERNAL_DOWNLOADS]: Provides configuration for a remote MCP server hosted athttps://mcp.kobana.com.br/charge/mcpusing themcp-remoteutility.\n- [COMMAND_EXECUTION]: Requires the execution of CLI commands (vianpx) to initialize and run the MCP server tools, which is a standard requirement for MCP integrations.\n- [PROMPT_INJECTION]: The skill defines tools that process user-supplied data for financial transactions, creating a surface for indirect prompt injection.\n - Ingestion points: Payment fields in
create_charge_pix(e.g.,payer.name,external_id,message).\n - Boundary markers: None explicitly defined in the provided markdown.\n
- Capability inventory: Tools perform network API calls to create, list, and manage Pix charges and accounts.\n
- Sanitization: Not specified within the skill's instructional content.
Audit Metadata