nostr-zap-integration
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides technical documentation and implementation logic for Nostr payment standards. All described behaviors are consistent with the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The implementation involves performing HTTP GET requests to remote servers for LNURL discovery and invoice retrieval. These are standard protocol-defined operations and are documented with appropriate error handling and validation.
- [PROMPT_INJECTION]: The skill handles data from external Nostr events and LNURL endpoints. It includes explicit instructions for validating this data, such as verifying the 'allowsNostr' flag, matching public keys, and checking signature validity, which effectively mitigates the risk of processing malicious inputs.
Audit Metadata