stripe-agent
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill facilitates communication with the trusted Stripe API using the official Stripe Python SDK for managing financial transactions and customer data.
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install reputable and well-known libraries, including 'stripe', 'flask', and official Firebase SDKs.
- [SAFE]: Indirect Prompt Injection Surface Analysis:
  - Ingestion points: Data is received from external Stripe API responses and webhook events in 'scripts/webhook_handler.py' and 'scripts/sync_subscriptions.py'.
  - Boundary markers: The provided implementation does not explicitly define boundary markers to separate external data from the agent's internal instruction context.
  - Capability inventory: The skill has the capability to perform sensitive operations such as issuing refunds and cancelling subscriptions through the utilities in 'scripts/stripe_utils.py'.
  - Sanitization: The skill relies on the structured data provided by the Stripe SDK and uses 'TODO' placeholders where custom business logic and sanitization are required.
Audit Metadata