chargebee-integration

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data through webhooks, creating a surface for indirect prompt injection.
      • Ingestion points: The handle_webhook function in SKILL.md and the event schemas in references/webhooks.md ingest data from external HTTP POST requests.
      • Boundary markers: None identified in the prompt interpolation logic.
      • Capability inventory: The skill provides patterns for customer CRUD operations, subscription management, and payment processing (referenced in SKILL.md and references/rest-api.md).
      • Sanitization: The skill correctly recommends signature verification using chargebee.Webhook.verify_signature to validate the source of the data.
  • [EXTERNAL_DOWNLOADS]: The skill fetches configuration and integration logic using the 'chargebee-init' CLI tool (npx chargebee-init@latest) and references official SDKs hosted on GitHub. These resources are provided by the official vendor 'chargebee'.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:18 AM