setup-bayarcash
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is a documentation-based resource for Bayarcash payment integration. All external links, such as API endpoints (bayar.cash) and GitHub repositories (webimpian), belong to the official service provider or trusted platforms.
- [NO_CODE]: No executable code, shell scripts, or binaries are included in the skill files.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The instructions emphasize the importance of keeping API secrets server-side and avoiding exposure in client-side code or logs. Placeholder values are used for credentials in all examples.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface by ingesting external documentation from vendor-controlled URLs. Ingestion points: External API documentation links in references/bayarcash-api.md. Boundary markers: None present. Capability inventory: Code generation and API guidance (no local execution capabilities). Sanitization: None present, though manual validation is recommended for integration work. This surface is considered safe given the trusted nature of the sources.
Audit Metadata