payment-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious code, prompt injections, or obfuscation attempts were found in the skill's scripts or documentation.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official SDKs and client-side libraries for Stripe, Polar, Paddle, and Creem.io. These are legitimate dependencies for the stated purpose of payment integration.
- [DATA_EXPOSURE] (SAFE): Environment variable templates use safe placeholders (e.g., 'your_key', 'xxxx'). No hardcoded production credentials were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides scripts for processing webhook data from external payment providers. While this represents a surface for ingesting untrusted data, the skill mitigates risks by including robust signature verification and HMAC authentication logic in the provided helper scripts.
Audit Metadata