Security audit
The Multi-Agent Commerce Cookbook: Orchestrating Agent Teams That Discover, Negotiate, Pay, and Verify Each Other
Security checks across malware telemetry and agentic risk
Overview
This is a non-running educational guide for agent payments, with sensitive but disclosed payment and signing examples users should handle carefully.
Read this as a guide, not a ready-to-run payment system. If you copy the examples, use GreenHelix sandbox and Stripe test mode first, scope keys narrowly, keep signing keys in a secrets manager, set strict per-agent budgets, log transactions, and require human approval before agents spend funds, start subscriptions, or release escrow in production.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.