payload-cms
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No patterns of instruction overrides, role-play jailbreaks, or safety bypass attempts were detected. The language is purely instructional and focused on CMS development.
- [DATA_EXFILTRATION] (SAFE): No sensitive file paths (e.g., .ssh, .aws) or unauthorized network calls are present. Examples use environment variables for secrets, following security best practices.
- [REMOTE_CODE_EXECUTION] (SAFE): No instances of piping remote content to a shell or dynamic execution of untrusted code. Command examples (npx, pnpm) are for developer project initialization.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys or secrets. The config examples correctly reference process.env.PAYLOAD_SECRET and process.env.DATABASE_URL.
- [OBFUSCATION] (SAFE): The content is entirely human-readable with no encoded strings (Base64), zero-width characters, or homoglyphs.