third-party-integration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The code correctly utilizes environment variables (e.g.,
process.env.STRIPE_SECRET_KEY) to handle sensitive credentials, avoiding the risk of hardcoded secrets. - [SAFE]: Integrations target well-known and trusted third-party services including Stripe and SendGrid, which is consistent with the skill's stated purpose.
- [SAFE]: The skill implements robust security patterns for incoming data, specifically using
stripe.webhooks.constructEventto verify the authenticity of webhook payloads via cryptographic signatures. - [SAFE]: Standard, reputable libraries (axios, stripe, @sendgrid/mail, requests, express) are used for networking operations without any evidence of malicious wrappers or unauthorized data exfiltration.
Audit Metadata