set-up-wso2-open-banking
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the MySQL JDBC driver from Maven Central (repo1.maven.org) and product extensions from WSO2's official documentation site (apim.docs.wso2.com), which are standard and trusted sources for these components.
- [EXTERNAL_DOWNLOADS]: Fetches Open Banking CA certificates from Atlassian (openbanking.atlassian.net), a well-known service domain used for official documentation and assets.
- [COMMAND_EXECUTION]: Executes setup scripts (merge.sh, configure.sh) and startup binaries (wso2server.sh) that are standard parts of the WSO2 product distribution.
- [CREDENTIALS_UNSAFE]: References the default WSO2 keystore password 'wso2carbon' for automated certificate management, which is the documented default for these products and includes safeguards for manual input.
- [PROMPT_INJECTION]: The skill processes user-provided URLs for product zip files, representing a vulnerability surface for indirect prompt injection; however, this is a core intended functionality for an installation tool and is mitigated by explicit user control over the sources.
Audit Metadata