paymeuz-clickuz-master
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data access detected within the skill's instructions or provided code templates.
- [COMMAND_EXECUTION]: The skill does not contain any logic for executing system commands or shell scripts; it focuses exclusively on application-level payment logic.
- [EXTERNAL_DOWNLOADS]: No remote scripts or unverifiable packages are downloaded or executed. All logic uses standard, well-known libraries such as @nestjs/common and node:crypto.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transmission. Payment link generation and webhook handling are performed locally according to official provider specifications.
- [PROMPT_INJECTION]: The skill provides clear implementation guidelines and does not attempt to bypass AI safety guardrails or manipulate agent behavior.
- [SAFE]: Indirect prompt injection surface analysis:
  1. Ingestion points: Webhook endpoints in PaymentController (SKILL.md).
  2. Boundary markers: The skill mandates the use of NestJS ValidationPipe and strictly typed DTOs.
  3. Capability inventory: The code performs database persistence (Prisma) and triggers business logic; it has no access to sensitive system resources.
  4. Sanitization: The implementation includes mandatory signature verification for both providers (MD5 for Click and Basic Auth for Payme) to ensure data integrity and authenticity.