abacatepay
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill uses appropriate placeholders for environment variables such as API keys and webhook secrets, preventing the exposure of actual credentials.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references the standard official SDK for the service, which is a required dependency for the stated integration purpose.
- [Indirect Prompt Injection] (SAFE): The skill implements logic to process external webhook data but mitigates potential injection risks by providing a robust cryptographic signature verification pattern.
- Ingestion point: Webhook payload structure in references/api-reference.md
- Sanitization: HMAC-SHA256 signature verification logic in SKILL.md.
Audit Metadata