stripe
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection where untrusted external data can influence tool usage.
  1. Ingestion points: External data enters via the WebSearch and Read (local codebase) tools.
  2. Boundary markers: No delimiters or instructions are provided to the agent to ignore instructions embedded in the data it reads.
  3. Capability inventory: The agent can execute arbitrary shell commands via Bash and modify or create files using Write and Edit.
  4. Sanitization: No sanitization or validation of external content is performed before the agent uses its capabilities.
- Command Execution (LOW): The skill documentation suggests using the Bash tool for package management (bun add) and system configuration (brew install). These are powerful capabilities that increase the impact of a potential injection.
- Credentials Unsafe (INFO): The skill contains example Stripe environment variables with prefixes like sk_live_... and pk_live_.... These are clearly marked as placeholders and do not contain actual secrets, though they highlight sensitive data storage locations.
Recommendations
- AI detected serious security threats
Audit Metadata