Skills
skills/afu-it/malaysia-payment-gateway/setup-hitpay/Gen Agent Trust Hub

setup-hitpay

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is purely instructional and documentation-based, providing guidance on how to use official HitPay payment APIs.
  • [SAFE]: Instructions promote high-security standards for payment integration, including mandatory server-side authentication using the X-BUSINESS-API-KEY header.
  • [SAFE]: The skill correctly instructs users to verify the Hitpay-Signature using HMAC-SHA256 over the raw JSON payload to prevent webhook spoofing.
  • [SAFE]: All external references point to official HitPay domains (hitpayapp.com, hit-pay.com) and its status page, which are well-known and legitimate services for this context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 02:24 PM
Security Audit — agent-trust-hub — setup-hitpay