prava-agent-payments

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands using the prava CLI tool to manage payment flows.
  • [COMMAND_EXECUTION]: The instructions explicitly suggest using sudo to install the CLI package globally (sudo npm install -g @prava-sdk/cli), which constitutes a privilege escalation risk by granting the agent elevated system permissions.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing a third-party NPM package, @prava-sdk/cli, which is an external dependency from the public registry.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection, as it interpolates untrusted data from external sources into shell command arguments.
  • Ingestion points: Merchant names, URLs, and product descriptions sourced from the user or external web pages, as described in SKILL.md and references/cli-sessions.md.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt templates.
  • Capability inventory: Subprocess execution of the prava CLI tool with dynamically generated arguments.
  • Sanitization: No sanitization, escaping, or validation of the ingested external content is specified in the skill's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 9, 2026, 11:35 PM
Security Audit — agent-trust-hub — prava-agent-payments