Skills
skills/payram/payram-mcp/payram-crypto-payments/Gen Agent Trust Hub

payram-crypto-payments

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the PayRam MCP server from the vendor's official GitHub repository (github.com/payram/payram-mcp).
  • [COMMAND_EXECUTION]: Users are instructed to execute shell commands including git clone, yarn install, and yarn dev to deploy and run the vendor's software on their local machine.
  • [PROMPT_INJECTION]: The assess_payram_project tool presents a surface for indirect prompt injection as it ingests and processes untrusted project files from the local environment.
  • Ingestion points: User project codebase via the assess_payram_project tool (SKILL.md).
  • Boundary markers: None specified in the instructions to delimit external content.
  • Capability inventory: The skill includes tools for code generation (scaffold_payram_app, generate_payment_sdk_snippet) and instructions for local shell execution.
  • Sanitization: No input validation or sanitization of the processed project data is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 04:09 AM
Security Audit — agent-trust-hub — payram-crypto-payments