payments
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill contains 'Tell AI' blocks, which are intended as user-provided templates for a language model. These do not contain override or bypass markers designed to subvert the agent's safety protocols.
- [DATA_EXFILTRATION] (SAFE): No sensitive file access or network exfiltration patterns detected. The credit card numbers provided (e.g., 4242424242424242) are standard, publicly known Stripe test credentials used for development purposes.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no scripts, binaries, or instructions to download and execute remote code.
- [OBFUSCATION] (SAFE): No hidden, encoded, or deceptive text was found. The content is plain-text markdown.
- [CREDENTIALS_UNSAFE] (SAFE): No real API keys or secrets are hardcoded. The skill correctly advises users to use environment variables for actual Stripe keys.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill identifies the attack surface of webhooks but provides explicit remediation guidance, such as using `stripe.webhooks.constructEvent()` for signature verification to prevent spoofing.
- [PRIVILEGE_ESCALATION] (SAFE): No commands related to privilege escalation (e.g., sudo, chmod) are present.
Audit Metadata