Mercury Payments

Security checks across malware telemetry and agentic risk

Overview

This skill is documentation-only and purpose-aligned, but it gives an agent broad write-level banking authority with limited containment guidance, so users should review it carefully before installing.

Install only if you intend to let an agent assist with real Mercury banking workflows. Use the narrowest Mercury token available, verify every recipient, amount, account, invoice, and email thread yourself before execution, avoid storing tokens or bank details in memory logs, and delete downloaded invoice PDFs after use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs always attaching the invoice PDF when emailing the vendor, but provides no check that the vendor does not already possess the document or that the PDF does not contain sensitive internal data such as banking details, internal notes, or PII. This creates an unnecessary external disclosure channel and increases the chance of sending sensitive financial documents to the wrong recipient or thread.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill directs the agent to download invoice attachments into /tmp without any handling requirements, retention limits, or cleanup instructions. Temporary directories are often shared, weakly controlled, or long-lived enough to expose sensitive invoice contents to other local users, processes, backups, or later misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal