mpp-dev-patterns
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a high-quality implementation guide for the MPP protocol, focusing on security primitives like HMAC binding, replay protection, and canonical JSON encoding.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation from legitimate and official sources, including the IETF (a well-known service), Stripe (a trusted organization), and the paymentauth.org specification site. These are neutral informational references for specification compliance.
- [CREDENTIALS_UNSAFE]: The skill follows industry standard best practices for secret management. It explicitly instructs against hardcoding credentials, recommends the use of environment variables and secret managers, and suggests periodic rotation of keys.
- [COMMAND_EXECUTION]: The skill mentions standard utility commands like
openssl rand -hex 32for cryptographic key generation. These are provided as implementation examples for the developer and do not represent malicious execution patterns. - [PROMPT_INJECTION]: No patterns attempting to override agent instructions, bypass safety filters, or extract system prompts were detected. The language is professional and strictly technical.
Audit Metadata