prava-pay
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the Prava CLI, including locating the binary and running transaction-related subcommands.
- [COMMAND_EXECUTION]: It instructs the agent to use sudo for global package installation (sudo npm install -g @prava-sdk/cli) when standard permissions are insufficient, leading to privilege escalation.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the @prava-sdk/cli package from the public npm registry.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Merchant data (URLs, prices, and descriptions) sourced from third-party websites (SKILL.md, references/cli-sessions.md). Boundary markers: None; untrusted data is interpolated directly into CLI command flags. Capability inventory: Execution of system commands via the prava CLI (SKILL.md). Sanitization: No explicit sanitization or escaping of external data is performed before command interpolation.
Audit Metadata