Stripe Webhook Signature Verifier
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: Logs verification failures and metrics to Datadog, which is a well-known monitoring and observability platform.
- [PROMPT_INJECTION]: Processes external webhook data from Stripe and other services, creating an indirect prompt injection surface. Mandatory evidence chain: 1. Ingestion points: Stripe-Signature headers and raw request bodies (SKILL.md); 2. Boundary markers: Not explicitly specified in the instructions; 3. Capability inventory: Network operations via the Datadog Logs API and StatsD metrics (SKILL.md); 4. Sanitization: Employs the official Stripe SDK for cryptographic signature verification to ensure payload integrity.
Audit Metadata