woocommerce-payments
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- Category 8: Indirect Prompt Injection (INFO): The provided code skeletons demonstrate how to handle untrusted input from checkout fields (e.g., $_POST['mce_card_number']). While the examples focus on logic rather than security, they do not include full sanitization or CSRF protection. This is an inherent property of code templates and not a malicious finding.
- General (SAFE): No evidence of prompt injection, hardcoded credentials, remote code downloads, or privilege escalation was found in the documentation or code snippets.
Audit Metadata