stripe-integration-expert
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The code snippets correctly utilize environment variables (
process.env.STRIPE_SECRET_KEY) for sensitive credentials rather than hardcoding them. - [SAFE]: The webhook handler implementation includes mandatory signature verification using
stripe.webhooks.constructEvent, which is a critical security measure to prevent unauthorized requests. - [SAFE]: The skill incorporates an idempotency layer for webhook processing to prevent double-processing of events, which is a recommended practice for financial integrations.
- [SAFE]: External tools referenced, such as the Stripe CLI, are official tools from a trusted vendor for payment infrastructure testing.
Audit Metadata