mpp-proxy

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily instructional, providing architecture patterns and code snippets for wrapping existing APIs with a payment layer.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation and implementation guides from well-known and trusted services, including NPM, Cloudflare, and GitHub (Stripe samples).
  • [CREDENTIALS_UNSAFE]: The code examples demonstrate the correct usage of environment variables (e.g., process.env.MPP_SECRET_KEY) for managing sensitive credentials, rather than hardcoding them.
  • [DATA_EXFILTRATION]: The architecture described is a transparent proxy. While it handles request headers and bodies, this is consistent with its stated purpose of forwarding traffic to upstream services. No unauthorized data harvesting or hidden exfiltration patterns were identified.
  • [COMMAND_EXECUTION]: While the skill manifest allows access to the Bash tool, there are no instructions or scripts that perform suspicious or high-risk command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:10 AM
Security Audit — agent-trust-hub — mpp-proxy