payment-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface where untrusted data from payment webhooks can influence agent behavior. • Ingestion points: Webhook endpoints for SePay and Polar (e.g., in
references/sepay/webhooks.md). • Boundary markers: Absent; there are no instructions to delimit external data or warn the agent against following embedded instructions. • Capability inventory: Automated delivery of benefits including GitHub repository access, Discord roles, and license keys (e.g., inreferences/polar/benefits.md). • Sanitization: While scripts for signature verification are provided (scripts/sepay-webhook-verify.js), they do not sanitize the natural language content for potential prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata