Gen Agent Trust Hub security audit: skills/sahyll/juspay-skills/integrate

Skill: integrate

Result: Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a significant surface for indirect prompt injection because of its 'doc-driven' architecture.
    ◦ Ingestion points: Documentation content is fetched from remote URLs via the docs-mcp-server:doc_fetch_tool, based on mappings resolved at runtime.
    ◦ Capability inventory: The agent uses the fetched content to generate code, modify project build files (e.g., build.gradle, Podfile), install packages, and execute test scripts via shell commands.
    ◦ Sanitization: The skill instructs the agent to mask credentials in logs, but it specifies no boundary markers or sanitization for instructions parsed from the documentation, so malicious content in a fetched page could influence the agent to perform unauthorized actions.
    ◦ Boundary markers: The instructions emphasize following doc-sourced names and sequences but do not explicitly tell the agent to ignore instructions embedded in the documentation content itself.
  • [COMMAND_EXECUTION]: The skill requires extensive local shell execution to fulfill its purpose as a development tool.
    ◦ Build tooling: Executes package managers such as npm, flutter, and pod, and framework-specific CLI commands such as npx cap sync or expo prebuild.
    ◦ Project modification: Uses the Edit and Write tools to modify sensitive project configuration files, including AndroidManifest.xml, build.gradle, and .env files.
    ◦ Local testing: Executes bundled bash scripts (session.sh, order-status.sh) that use curl to interact with the user's local backend server.
  • [EXTERNAL_DOWNLOADS]: The skill fetches external content to guide the integration process.
    ◦ The doc_fetch_tool and explore_product tools retrieve documentation structure and page content from Juspay's documentation servers.
    ◦ These are expected sources for the skill's functionality, but they make the agent's logic dependent on remote content.
  • [PROMPT_INJECTION]: A heuristic detector flagged an attempt to conceal actions from the user.
    ◦ Analysis: This refers to the 'SECURITY' section in SKILL.md, which instructs the agent never to include API keys or secrets in terminal output or verification strings. In this context it is a defensive measure (secret masking) to prevent credential leakage into logs, not a malicious attempt to hide the agent's operations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 06:52 AM
Security Audit — agent-trust-hub — integrate