bc-payments

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill functions as an educational and implementation guide for BigCommerce APIs. It does not contain malicious instructions or hidden payloads.
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and endpoints from BigCommerce (developer.bigcommerce.com and payments.bigcommerce.com). These are well-known service domains and are used legitimately for fetching technical documentation and processing API requests.
  • [PROMPT_INJECTION]: No evidence of prompt injection, role-play bypasses, or instructions to ignore safety guidelines were found.
  • [DATA_EXFILTRATION]: There are no hardcoded credentials or attempts to access sensitive local system files. The skill specifically includes a 'Best Practices' section advising against logging or storing raw payment data.
  • [COMMAND_EXECUTION]: While the skill lists Bash as an allowed tool, it does not provide any instructions to execute dangerous or unauthorized commands. Its focus is on API interaction logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:33 AM
Security Audit — agent-trust-hub — bc-payments