The Agent Testing & Observability Cookbook: Ship Reliable Agent Commerce Systems

Security checks across malware telemetry and agentic risk

Overview

This is a non-executing educational guide for testing and monitoring agent-commerce systems, with sensitive examples that require care if copied into real projects.

Install as documentation, not as a ready-to-run payment system. Before copying examples, use sandbox or least-privilege test credentials, protect signing keys, redact trace inputs and outputs, and avoid production escrow or release operations unless you intend the financial side effects.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The documentation recommends redacting inputs in production, but the AgentTracer implementation stores full input_data for every traced call in memory. In a payments/agent-commerce context, those inputs may include identifiers, amounts, endpoints, or even sensitive tokens, increasing risk of accidental disclosure through logs, memory dumps, debugging, or downstream telemetry export.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal