payment-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions found that attempt to override agent safety guidelines, bypass filters, or extract system prompts. Instructional language is benign and professional.\n- DATA_EXFILTRATION (SAFE): No hardcoded credentials or sensitive file path access detected. The skill explicitly directs against logging sensitive card data and follows PCI compliance principles.\n- REMOTE_CODE_EXECUTION (SAFE): No patterns for downloading and executing untrusted remote code. The skill recommends using official SDKs and standard integration patterns.\n- COMMAND_EXECUTION (SAFE): While Bash is an allowed tool, there are no instructions or scripts that perform dangerous shell operations or privilege escalation.\n- INDIRECT_PROMPT_INJECTION (SAFE): While the skill involves processing external data (webhooks), which is an ingestion point for untrusted instructions, it emphasizes robust validation patterns (idempotency, dual-confirmation) to ensure the agent's actions are governed by verified state rather than external input.
Audit Metadata