cryptorefills-buy
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to a remote Model Context Protocol (MCP) server at https://api.cryptorefills.com/mcp/http to access product catalogs and process orders. This endpoint is owned and maintained by the skill's author, cryptorefills.
- [COMMAND_EXECUTION]: The skill implements a comprehensive purchase workflow through a series of MCP tools (e.g., createOrder, validateOrder, purchaseElicitation). It includes specific instructions to ensure user oversight, such as requiring explicit approval before a transaction is finalized and tracking cumulative spending against session limits.
- [DATA_EXFILTRATION]: The purchase workflow involves processing user email addresses and digital redemption codes (gift card PINs). These operations are a core part of the service's functionality and are handled through the vendor's established API.
- [SAFE]: The instructions emphasize secure handling of sensitive data, advising that gift card codes should be kept in memory and never written to files or shared publicly.
Audit Metadata