Skills
skills/universokobana/kobana-agent-skills/payment-pix/Gen Agent Trust Hub

payment-pix

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to download and execute the kobana-mcp-payment package from the NPM registry to provide tool capabilities.
  • [REMOTE_CODE_EXECUTION]: It supports connecting to a remote MCP endpoint at https://mcp.kobana.com.br/payment/mcp using the mcp-remote utility.
  • [COMMAND_EXECUTION]: Instructions guide the user to execute shell commands for setting sensitive environment variables (KOBANA_ACCESS_TOKEN) and configuring the MCP environment.
  • [DATA_EXFILTRATION]: The skill facilitates the transmission of financial data and authentication tokens to external vendor domains, including api.kobana.com.br and mcp.kobana.com.br.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted Pix EMV strings (QR codes/copy-paste strings) in the decode_pix_emv tool.
  • Ingestion points: The emv parameter in decode_pix_emv (SKILL.md, REFERENCE.md).
  • Boundary markers: None identified in the prompt interpolation instructions.
  • Capability inventory: High-privilege actions including create_payment_pix and approve_payment_batch (SKILL.md).
  • Sanitization: The documentation recommends a "decode before paying" workflow as a manual verification step.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:02 PM