revenuecat-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains educational code snippets for implementing RevenueCat's subscription management services across various programming environments.
- [SAFE]: Sensitive information such as API keys are represented by clearly labeled placeholders (e.g., 'appl_XXXXXXXXXXXXX' and 'goog_XXXXXXXXXXXXX'), ensuring no actual credentials are leaked.
- [SAFE]: The server-side webhook handler example incorporates security best practices by validating the 'Authorization' header using a secret stored in environment variables ('process.env.REVENUECAT_WEBHOOK_SECRET').
- [SAFE]: The instructions explicitly advise developers to keep secrets in environment files rather than hardcoding them, promoting secure development practices.
Audit Metadata