payment-integration
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): No malicious instructions or bypass attempts were detected in the prompt content or conversation examples.
- DATA_EXPOSURE (SAFE): The skill avoids hardcoded secrets, demonstrating the use of environment variables for API keys. It performs network requests only to legitimate payment provider endpoints.
- REMOTE_CODE_EXECUTION (SAFE): No patterns of downloading and executing arbitrary remote code were identified. It utilizes standard, well-known Node.js packages.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill provides development templates rather than processing untrusted external content that could influence the agent's logic. It includes explicit reminders for developers to implement server-side validation to prevent data manipulation.
Audit Metadata