Skills
skills/universokobana/kobana-agent-skills/transfer-pix/Gen Agent Trust Hub

transfer-pix

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the kobana-mcp-transfer and mcp-remote packages from the npm registry to enable MCP server functionality.
  • [COMMAND_EXECUTION]: Instructs the use of npx to execute MCP servers and remote connection tools from the command line.
  • [DATA_EXFILTRATION]: Performs network operations to Kobana's official API and MCP endpoints (api.kobana.com.br, mcp.kobana.com.br) to manage financial transactions.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from external API responses while having high-impact financial capabilities.
  • Ingestion points: Data entering the agent context via tools like list_transfer_pix and get_transfer_pix defined in SKILL.md and references/REFERENCE.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore instructions embedded in the API data.
  • Capability inventory: Powerful financial tools including create_transfer_pix and approve_transfer_batch defined in SKILL.md and references/REFERENCE.md.
  • Sanitization: No mention of sanitization or validation of API response content before processing by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:02 PM