bc-payments

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill references official BigCommerce developer documentation and API endpoints (developer.bigcommerce.com and payments.bigcommerce.com), which are recognized as well-known and trusted services.
  • [SAFE]: The documentation includes appropriate warnings regarding PCI compliance and provides examples using standard test card numbers and placeholder tokens, correctly advising against the storage of raw card data.
  • [PROMPT_INJECTION]: The skill instructions include fetching external documentation via WebFetch and WebSearch, which creates an indirect prompt injection surface. While the sources are trusted, the instructions lack explicit safety boundaries. Ingestion points: BigCommerce developer documentation URLs. Boundary markers: Absent; no delimiters are used to separate fetched content from instructions. Capability inventory: Bash, Write, Edit, WebSearch, WebFetch. Sanitization: Absent; no validation or filtering is performed on external content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:10 AM
Security Audit — agent-trust-hub — bc-payments