setup-chip
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation-driven assistant for the CHIP Collect API, providing structured information on payment flows, authentication, and testing without malicious intent.
- [DATA_EXFILTRATION]: No patterns for unauthorized data access or exfiltration were detected. The instructions explicitly command that the agent should 'keep secrets in env vars and never hard-code API keys or Brand IDs,' which is a standard security best practice.
- [PROMPT_INJECTION]: No direct prompt injection or jailbreak attempts were found. The skill mentions reading external documentation (
references/chip-collect-docs.md), which constitutes an indirect prompt injection surface; however, the skill lacks dangerous tools or command execution capabilities that would make this surface exploitable.
Audit Metadata