Skills
skills/magic-meal-kits/mmk-skills/mmk-paymint-send/Gen Agent Trust Hub

mmk-paymint-send

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes unvalidated user input to build command-line arguments.
  • Ingestion points: The skill accepts external data for parameters such as --phone, --name, --product, and --message in the mmk paymint send command within SKILL.md.
  • Boundary markers: There are no boundary markers or instructions to the agent to treat these inputs as non-executable data.
  • Capability inventory: The skill is granted Bash(mmk *) permissions, allowing it to execute local commands.
  • Sanitization: No sanitization or escaping of the input strings is performed before they are passed to the shell.
  • [COMMAND_EXECUTION]: The skill utilizes the mmk CLI tool, which is a vendor-specific resource associated with the author 'magic-meal-kits', to perform its primary function of sending invoices via the Paymint service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 03:28 PM