snippe-integration
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of markdown-based documentation and code templates. No executable scripts or automation routines are provided for the agent to run locally.
- [SAFE]: All sensitive parameters, such as API keys (
snp_...), webhook secrets, and JWT tokens, are represented by clearly labeled placeholders (e.g.,snp_your_api_key_here,<api_key>). No hardcoded credentials or secrets are present. - [SAFE]: The skill explicitly promotes security best practices for developers, including HMAC-SHA256 signature verification for webhooks, constant-time string comparison to prevent timing attacks, and timestamp validation to mitigate replay attacks.
- [SAFE]: External links point to official documentation and upstream payment processor domains (snippe.sh, snippe.me, selcom.online). No suspicious or obfuscated URLs were found.
- [SAFE]: No prompt injection, privilege escalation, or persistence mechanisms were detected in the instructions or metadata.
Audit Metadata