payment-pci-security
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely educational and defensive in nature. It provides best practices for handling sensitive payment information and explicitly warns against insecure patterns.
- [DATA_EXFILTRATION]: The skill aims to prevent data exfiltration and PCI violations by enforcing the use of tokenization and the Secure Proxy. It provides logic to ensure raw card data never reaches the connector's environment.
- [CREDENTIALS_UNSAFE]: The code examples correctly demonstrate the use of environment variables for managing API keys and secrets, avoiding hardcoded credentials.
- [COMMAND_EXECUTION]: No suspicious command execution or shell injection patterns were found. The examples use standard HTTP fetch operations for payment processing.
- [EXTERNAL_DOWNLOADS]: All external links point to official documentation (vtex.com) or the PCI Security Standards Council website. No unauthorized external code downloads were detected.