payment-assistant
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script uses `subprocess.run` to interact with platform-specific clipboard tools (macOS osascript, Linux xclip, and Windows powershell) to enable QR code decoding from the clipboard.
  - Evidence: Found in `payment_skill.py` within the `QRCodeHandler` class.
  - These commands use fixed local paths for image processing and are only executed following explicit user consent as dictated in the `SKILL.md` safety rules.
- [DATA_EXPOSURE]: The skill requires Binance API credentials for operation. It utilizes a standard and secure pattern by instructing users to store these secrets in a local `config.json` or environment variables.
  - Evidence: Documented in the Setup Guide and implemented in the `load_config` function in `payment_skill.py`.
- [PROMPT_INJECTION]: The skill explicitly mitigates Indirect Prompt Injection risks by providing clear instructions to the AI agent to ignore any command-like text found within untrusted data fields such as payee names or transaction remarks.
  - Evidence: The `SKILL.md` file contains a 'NEVER DO' section prohibiting the interpretation of API response fields as instructions and requires the use of delimiters (「」) for display.
- [EXTERNAL_DOWNLOADS]: All external dependencies listed in `requirements.txt` (`requests`, `opencv-python`, `pyzbar`, `Pillow`) are standard, well-known libraries used for networking and image processing.