moonpay-price-alerts

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]

Full Analysis
  • [COMMAND_EXECUTION]: The skill generates shell scripts in ~/.config/moonpay/scripts/ to automate price monitoring. It establishes persistence by scheduling these scripts through cron on Linux and launchd on macOS. These actions are documented and essential for the skill's primary function of providing background price alerts.
  • [PROMPT_INJECTION]: The skill processes untrusted data from an external source (token prices via the mp CLI) and interpolates it into desktop notification commands (osascript and notify-send).
      • Ingestion point: Token price data fetched from the mp token search command in alert-sol-below-80.sh.
      • Boundary markers: None present in the script to distinguish API data from the notification command structure.
      • Capability inventory: Use of osascript (AppleScript execution), notify-send, and scheduling tools (launchctl, crontab).
      • Sanitization: The script uses jq to extract the numeric price value and performs a basic check for empty or null strings. This reduces the surface for potential payload injection through the price field.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 04:57 PM