paypal-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill implements secure webhook handling according to industry standards.
- [EXTERNAL_DOWNLOADS]: Fetches certificates from PayPal's official domains. The code includes validation to ensure the hostname ends with '.paypal.com', mitigating risks associated with fetching remote content.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found in the codebase or documentation.
- [DATA_EXFILTRATION]: Network activity is limited to fetching public certificates from trusted PayPal endpoints.
- [PROMPT_INJECTION]: The skill processes external webhook data, creating a potential surface for indirect injection. However, the examples use safe processing patterns that do not execute untrusted content.
Audit Metadata