secure-checkout
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust Content Security Policy (CSP) using per-request nonces in Next.js middleware to mitigate Cross-Site Scripting (XSS) and Magecart attacks.
- [SAFE]: The code snippets correctly enforce HTTPS through Strict-Transport-Security (HSTS) and other essential security headers like X-Frame-Options and X-Content-Type-Options.
- [SAFE]: The skill emphasizes payment tokenization using Stripe Elements, ensuring that sensitive card data never touches the merchant's server, which significantly reduces PCI compliance scope and risk.
- [SAFE]: Server-side input validation is correctly handled using the zod library, and HTML sanitization for external content is implemented via DOMPurify to prevent injection attacks.
- [SAFE]: Remote script loading is limited to well-known, trusted payment services (Stripe), and appropriate security attributes such as Subresource Integrity (SRI) are recommended.
Audit Metadata