Skills
skills/getpaykit/skills/create-paykit/Gen Agent Trust Hub

create-paykit

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run pnpm add paykitjs @paykitjs/stripe and npx paykitjs push. These commands are used to install dependencies and synchronize the database and Stripe schema, which is standard and expected behavior for a development scaffolding tool.
  • [DATA_EXPOSURE]: The skill identifies and checks for sensitive configuration keys such as DATABASE_URL, STRIPE_SECRET_KEY, and STRIPE_WEBHOOK_SECRET within local .env files. This is used solely to verify the local development environment; there is no evidence of these secrets being exfiltrated or transmitted to external servers.
  • [EXTERNAL_DOWNLOADS]: The skill initiates the download and installation of paykitjs and @paykitjs/stripe via the pnpm package manager. These packages are official libraries provided by the skill author (getpaykit) and are essential for the integration's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 11:41 AM