stripe-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (SAFE): No evidence of direct instructions to override safety filters or extract system prompts was detected.
- [External Downloads/Dependencies] (LOW): The skill directs users to add an external MCP endpoint (https://rube.app/mcp). While this is the primary functionality, the domain is not in the trusted sources list.
- [Indirect Prompt Injection] (LOW): The skill presents a surface for indirect prompt injection by processing untrusted user data (emails, names, descriptions) into high-privilege financial tools (charges, refunds, subscriptions). 1. Ingestion points: User parameters for customers and charges in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Significant write access including charge creation and refund issuance. 4. Sanitization: Not specified in the skill logic.
Audit Metadata