whop-payments-network
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several official SDKs from the 'whopio' vendor, including @whop/sdk (Node.js), whop-sdk (Python), and whop_sdk (Ruby) for server-side and client-side integration.
- [COMMAND_EXECUTION]: Documentation provides standard package manager commands (e.g., npm install, pip install) for installing the Whop SDKs and a command for adding the skill itself via npx.
- [PROMPT_INJECTION]: The codebase-scan.md file contains a detailed prompt designed to guide an AI agent through an analysis of a user's codebase. This creates a functional attack surface for indirect prompt injection as it involves processing untrusted local project data.
  - Ingestion points: Project root directory and all code/config files during the codebase scan.
  - Boundary markers: Absent; the prompt does not specify delimiters or instructions to ignore embedded commands in the scanned files.
  - Capability inventory: Filesystem read access to perform the scan and file write access to save the whop-integration-scan.md report.
  - Sanitization: Absent; the prompt does not mention validation or escaping of the ingested codebase content.
Audit Metadata