spree-payments

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent or user to fetch documentation from official sources, including spreecommerce.org and the spree organization on GitHub. These are well-known, trusted sources for this technology.
  • [COMMAND_EXECUTION]: Provides standard Ruby on Rails development commands such as bundle install and bin/rails generate for installing integration gems. These are expected for the skill's purpose.
  • [DATA_EXFILTRATION]: No hardcoded credentials or exfiltration patterns detected. The skill correctly identifies and recommends the use of environment variables and Rails credentials for managing sensitive API keys.
  • [PROMPT_INJECTION]: No behavioral overrides or safety bypass attempts were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill describes handling external data via webhooks. While this is an ingestion point for untrusted data, the instructions emphasize best practices like HMAC signature verification and the use of established library-based handlers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — spree-payments