payment-gateway-integration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates security best practices by utilizing environment variables (os.getenv, process.env) to handle sensitive API keys and secrets rather than hardcoding them.
- [SAFE]: All payment integration examples (Stripe, PayPal) include proper webhook signature verification using official SDK methods to prevent replay attacks and spoofing.
- [SAFE]: The documentation includes a comprehensive list of security 'DOs' and 'DON'Ts', emphasizing PCI compliance, HTTPS usage, and the avoidance of raw credit card data storage.
- [SAFE]: The provided scripts and templates (e.g., validate-api.sh and OpenAPI scaffolds) perform benign administrative tasks without any signs of command injection or malicious execution.
Audit Metadata