billing-integration
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill is designed to guide an AI agent in helping users integrate a specific billing service into their codebase.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and examples from docs.credyt.ai and github.com/credyt/learn. These are official resources provided by the vendor (credyt) and are used for instructional purposes.
- [CREDENTIALS_UNSAFE]: The skill mentions the CREDYT_API_KEY but specifically instructs that it should be stored securely in environment variables and never in client-side code, which aligns with security best practices.
- [PROMPT_INJECTION]: The skill processes untrusted data from the user's codebase and has file-writing capabilities, creating an attack surface for indirect prompt injection.
- Ingestion points: Project files and existing code structure (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: File system access to read and modify application code.
- Sanitization: Absent.
Audit Metadata