snaplii-agent-payments

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone and install a command-line interface from the vendor's official GitHub repository (github.com/Snaplii-Inc/agent-to-merchant-payments.git). This is a standard installation procedure for this integration.
  • [COMMAND_EXECUTION]: The skill uses the Python subprocess module to interact with the snaplii CLI. This allows the agent to execute functions such as browsing gift card catalogs, retrieving quotes, and finalizing purchases.
  • [CREDENTIALS_UNSAFE]: The skill utilizes a SNAPLII_API_KEY for authentication. The instructions explicitly advise against hardcoding the key and instead recommend using environment variables and secure hidden inputs via the snaplii init command to prevent credential exposure.
  • [PROMPT_INJECTION]: As an agent-facing commerce tool, the skill possesses an attack surface for indirect prompt injection via external merchant data.
      • Ingestion points: External data is brought into the agent context through CLI commands like snaplii browse tags and snaplii giftcard list which fetch real-time merchant information from Snaplii APIs.
      • Boundary markers: The example Python implementations in the documentation do not currently use specific delimiters to isolate merchant-provided data from agent instructions.
      • Capability inventory: The skill is capable of executing financial transactions (purchases) and accessing sensitive gift card details (codes and PINs) using subprocess.run calls.
      • Sanitization: The provided code examples process CLI output directly without additional sanitization or validation steps before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 04:27 PM