payment-integration

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements robust webhook signature verification logic in 'scripts/polar-webhook-verify.js' and 'scripts/sepay-webhook-verify.js', which mitigates the risk of unauthorized or spoofed payment notifications.
  • [SAFE]: Sensitive credentials such as API keys and secrets are managed via environment variables (as seen in 'scripts/.env.example'), following industry standards for secret management.
  • [SAFE]: The documentation within 'references/' explicitly guides users to implement security measures such as timing-safe comparisons for authentication and idempotency keys to prevent double-processing of transactions.
  • [SAFE]: No obfuscated code, dangerous command execution (like sudo), or unauthorized remote code execution patterns were detected in the scripts or instructional content.
  • [SAFE]: Network operations described in the documentation and scripts target official API endpoints of the respective payment providers or well-known, trusted services like ExchangeRate-API.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:17 AM