payment-provider-protocol
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and implementation examples for the VTEX Payment Provider Protocol (PPP), covering mandatory endpoints like Manifest, Create Payment, and Cancel.
- [SAFE]: Code examples use standard Express.js patterns to illustrate how to handle incoming requests and return the required JSON response shapes.
- [SAFE]: The instructions correctly emphasize security best practices, including mandatory HTTPS/TLS 1.2 and the use of Secure Proxy for card handling.
- [CREDENTIALS_UNSAFE]: The skill mentions authentication tokens and app keys, but these appear as variables within response structures or as placeholders in implementation guides, not as hardcoded secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill describes endpoints that process external data from the VTEX Gateway. However, the examples show standard data processing for payment flows and do not involve unsafe interpolation into prompts or execution of untrusted commands.