stripe-sync
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill provides instructions to download 'recipes' from
https://fullstackrecipes.com/api/recipes/stripe-sync. This domain is not a trusted source. - Ingestion Point: External API call to an untrusted domain.
- Context: The skill description indicates it handles sensitive operations like Stripe subscriptions and Postgres database synchronization, increasing the potential impact of malicious instructions retrieved from the external source.
- [REMOTE_CODE_EXECUTION] (LOW): The provided bash command fetches text/plain content. While it does not directly pipe the output to an interpreter (e.g.,
| bash), the resulting 'recipe' likely contains further instructions for the agent to execute, creating a dependency on unverified remote content.
Audit Metadata