newebpay-checkout
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill workflow in Step 2 explicitly directs the agent to locate and read sensitive production secrets, including NEWEBPAY_HASH_KEY and NEWEBPAY_HASH_IV, from .env or configuration files. This exposes high-value cryptographic materials to the model context.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill exhibits a high-risk surface for indirect prompt injection.
  1. Ingestion points: The agent uses Grep, Glob, and Read tools to ingest content from the user's local project files (SKILL.md Step 2).
  2. Boundary markers: The instructions lack markers or delimiters to isolate untrusted file content from the agent's instruction stream.
  3. Capability inventory: The skill is granted powerful tools including Bash, Write, and Edit across its files.
  4. Sanitization: No validation or filtering is applied to the project content before the agent processes it.
- [COMMAND_EXECUTION] (MEDIUM): The inclusion of the Bash tool in the allowed-tools list, combined with a workflow that reads untrusted local source code, creates a path for arbitrary command execution should a local file contain malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata