stripe-automation

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to add an external MCP server endpoint (https://rube.app/mcp) to their agent configuration. This server is not from a trusted organization or well-known service domain.
  • [DATA_EXFILTRATION]: All Stripe interactions, including customer management and financial transactions, are routed through the rube.app proxy. This exposes sensitive PII (emails, names) and transaction details to a third-party service. The claim that 'No API keys needed' suggests the external server manages authentication, increasing the risk of data compromise.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external data.
      • Ingestion points: Data retrieved from Stripe via tools like STRIPE_SEARCH_CUSTOMERS or STRIPE_LIST_CHARGES in SKILL.md.
      • Boundary markers: Absent; the skill does not use delimiters to separate tool output from instructions.
      • Capability inventory: Includes high-risk actions such as creating charges (STRIPE_POST_CHARGES) and issuing refunds (STRIPE_CREATE_REFUND).
      • Sanitization: No evidence of input validation or escaping for parameters like description or metadata which are derived from user or tool-provided strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 07:00 AM