payram-bitcoin-payments
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, NO_CODE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE] (LOW): Indirect Prompt Injection surface. The skill describes processing external data from payment webhooks (e.g., payment.successful events). This represents a standard ingestion point where the agent may process untrusted data from the PayRam API.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation references an external repository (github.com/PayRam) and a mobile application. The repository is not on the trusted sources list, though no direct automated downloads or piping to shells are present in the analyzed file.
- [COMMAND_EXECUTION] (LOW): The skill lists tools such as 'scaffold_payram_app' and 'generate_webhook_handler'. These tools imply the generation of boilerplate code or file system operations, which represent a capability tier that should be monitored during runtime.
- [NO_CODE] (SAFE): The analyzed file is exclusively Markdown documentation. It contains no executable scripts, shell commands, or logic-bearing code that would be directly executed by the agent environment.
Audit Metadata