spree-payments
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent or user to fetch documentation from official sources, including
spreecommerce.organd thespreeorganization on GitHub. These are well-known, trusted sources for this technology. - [COMMAND_EXECUTION]: Provides standard Ruby on Rails development commands such as
bundle installandbin/rails generatefor installing integration gems. These are expected for the skill's purpose. - [DATA_EXFILTRATION]: No hardcoded credentials or exfiltration patterns detected. The skill correctly identifies and recommends the use of environment variables and Rails credentials for managing sensitive API keys.
- [PROMPT_INJECTION]: No behavioral overrides or safety bypass attempts were found.
- [INDIRECT_PROMPT_INJECTION]: The skill describes handling external data via webhooks. While this is an ingestion point for untrusted data, the instructions emphasize best practices like HMAC signature verification and the use of established library-based handlers.
Audit Metadata