payuni-webhook
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides instructions for using 'ngrok' and standard database operations. These are routine development tasks and do not involve arbitrary command execution from untrusted sources.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were found. The code snippets correctly utilize environment variables (
PAYUNI_HASH_KEY,PAYUNI_HASH_IV) for sensitive configuration. - [PROMPT_INJECTION] (SAFE): There are no patterns suggesting attempts to override agent behavior or bypass safety filters. The instructions are purely technical and educational.
- [DATA_EXFILTRATION] (SAFE): No unauthorized network operations or sensitive file access patterns were detected. The network operations described (webhooks) are the intended purpose of the skill.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill handles untrusted external data (webhook payloads), the provided templates include robust sanitization via SHA256 signature verification and
timingSafeEqualcomparisons, effectively mitigating spoofing and injection risks at the implementation level.
Audit Metadata