moonpay-auth
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@moonpay/clipackage globally via the npm package manager to provide the necessary tools for authentication and wallet management.\n- [COMMAND_EXECUTION]: The skill executes commands using thenpm,mp(MoonPay CLI), andgog(Google Workspace CLI) tools to perform setup, verify authentication, and manage wallet lifecycle.\n- [CREDENTIALS_UNSAFE]: The documentation includes examples of importing wallets by passing mnemonic phrases and private keys directly as command-line arguments to themptool. This practice can result in secrets being exposed in system process lists or saved in shell history files.\n- [DATA_EXFILTRATION]: The skill references and accesses sensitive configuration directories located at~/.config/moonpay/, which contain encrypted wallet data and user authentication tokens necessary for its operations.\n- [PROMPT_INJECTION]: The 'Autonomous login' feature introduces an indirect prompt injection surface by instructing the agent to read content from an external email account using thegogtool.\n - Ingestion points: External data enters the agent context via email search results retrieved using the
gog gmail searchcommand inSKILL.md.\n - Boundary markers: No delimiters or specific instructions are provided to separate the untrusted email content from the agent's instructions.\n
- Capability inventory: The skill allows for the execution of CLI commands and access to sensitive local wallet configurations.\n
- Sanitization: The skill lacks mechanisms to sanitize or validate the content of the emails before extracting the verification code.
Audit Metadata