payments
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The installation process uses
npx skills addto fetch the skill fromsailscastshq/boring-stack. This organization is not on the trusted list, posing a supply chain risk through the execution of unverified remote code. - Indirect Prompt Injection (HIGH): The skill handles untrusted external data which can influence agent behavior.
- Ingestion points: Webhook controller and external payment provider (Lemon Squeezy) responses.
- Boundary markers: None specified in the provided documentation to isolate external data from instructions.
- Capability inventory: Modifies application configuration (
config/pay.js), writes to the database (Subscriptionmodel), and manages financial sessions (sails.pay.checkout()). - Sanitization: While signature verification is mentioned for webhooks, there is no evidence of sanitization or escaping of the payload content to prevent it from being interpreted as instructions by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata